Hi again, I set EAP-TLS with cert. - i use that text http://www.fredprod.com/affiche_howtos.php but ... i set in radius.conf authorize { files } and authenticate { eap } and in users file "username-the same what in cert" Auth-Type := EAP but in debug mode i see: ------------------- rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0, length=135 User-Name = "rka" NAS-IP-Address = 192.168.1.245 Called-Station-Id = "001217694588" Calling-Station-Id = "0014a41e7112" NAS-Identifier = "001217694588" NAS-Port = 61 Framed-MTU = 1400 State = 0x7fb3974e3abaf6925a5284b2338f93a6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0xd8e04dc8793f5401249372587b5867df Thu Jan 18 11:42:51 2007 : Debug: Processing the authorize section of radiusd.conf Thu Jan 18 11:42:51 2007 : Debug: modcall: entering group authorize for request 3 Thu Jan 18 11:42:51 2007 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Thu Jan 18 11:42:51 2007 : Debug: users: Matched entry rka at line 141 Thu Jan 18 11:42:51 2007 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Thu Jan 18 11:42:51 2007 : Debug: modcall[authorize]: module "files" returns ok for request 3 Thu Jan 18 11:42:51 2007 : Debug: modcall: leaving group authorize (returns ok) for request 3 Thu Jan 18 11:42:51 2007 : Debug: rad_check_password: Found Auth-Type EAP Thu Jan 18 11:42:51 2007 : Debug: auth: type "EAP" Thu Jan 18 11:42:51 2007 : Debug: Processing the authenticate section of radiusd.conf Thu Jan 18 11:42:51 2007 : Debug: modcall: entering group authenticate for request 3 Thu Jan 18 11:42:51 2007 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Thu Jan 18 11:42:51 2007 : Debug: rlm_eap: Request found, released from the list Thu Jan 18 11:42:51 2007 : Debug: rlm_eap: EAP/peap Thu Jan 18 11:42:51 2007 : Debug: rlm_eap: processing type peap Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_peap: Authenticate Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_tls: processing TLS Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_tls: ack handshake fragment handler Thu Jan 18 11:42:51 2007 : Debug: eaptls_verify returned 1 Thu Jan 18 11:42:51 2007 : Debug: eaptls_process returned 13 Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_peap: EAPTLS_HANDLED Thu Jan 18 11:42:51 2007 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Thu Jan 18 11:42:51 2007 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Thu Jan 18 11:42:51 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 0 to 192.168.1.245 port 3072 EAP-Message = 0x010500061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdaf79644eaea9256a1b9537be3c3f7bc ------------------- What i must change to be good auth ? And How i must set authentication and authorize if i will use that in future with ldap? BR, Rafal Kaminski