Hi, I have followed your advise and I went back to the default config. I have read the: http://deployingradius.com/documents/configuration/certificates.html And I have followed it step by step. Testing first the PAP auth with an entry in users.conf and it worked fine. Next I add the Wireless LAN Controller in clients.conf and change the default eap_type with peap. I get the next warning: Debug: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Debug: WARNING: !! EAP session for state 0xc729a88ac72ab1dd did not finish! Debug: WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility Debug: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Testing with an WinXP and Win7 client, so I do not think its a Supplicant issue. The supplicant config is PEAP with MSCHAPv2, and no certificate validation. I have a look to certs/README file, and I have studied the ./bootstrap script I make sure xpextensions are applied.I also launch rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt* Before modifying the server.cnf and ca.cnf and launch bootstrap script again. I always get the same warning, I do no undestand why. In http://deployingradius.com says it just worked, but not in my enviorment. I attach the output: Thu Mar 31 13:14:25 2011 : Info: Ready to process requests. rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51, length=173 User-Name = "bob" Calling-Station-Id = "00-1B-77-8E-1E-A4" Called-Station-Id = "00-1E-4A-90-5F-30:eduroam" NAS-Port = 29 NAS-IP-Address = 10.118.249.20 NAS-Identifier = "WLC_2_SCC_LAB" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "911" EAP-Message = 0x0202000801626f62 Message-Authenticator = 0xfabf4ce8269ee315494653e616f244ce Thu Mar 31 13:14:26 2011 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default Thu Mar 31 13:14:26 2011 : Info: +- entering group authorize {...} Thu Mar 31 13:14:26 2011 : Info: ++[preprocess] returns ok Thu Mar 31 13:14:26 2011 : Info: ++[chap] returns noop Thu Mar 31 13:14:26 2011 : Info: ++[mschap] returns noop Thu Mar 31 13:14:26 2011 : Info: ++[digest] returns noop Thu Mar 31 13:14:26 2011 : Info: [suffix] No '@' in User-Name = "bob", looking up realm NULL Thu Mar 31 13:14:26 2011 : Info: [suffix] No such realm "NULL" Thu Mar 31 13:14:26 2011 : Info: ++[suffix] returns noop Thu Mar 31 13:14:26 2011 : Info: [eap] EAP packet type response id 2 length 8 Thu Mar 31 13:14:26 2011 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation Thu Mar 31 13:14:26 2011 : Info: ++[eap] returns updated Thu Mar 31 13:14:26 2011 : Info: [files] users: Matched entry bob at line 1 Thu Mar 31 13:14:26 2011 : Info: ++[files] returns ok Thu Mar 31 13:14:26 2011 : Info: ++[expiration] returns noop Thu Mar 31 13:14:26 2011 : Info: ++[logintime] returns noop Thu Mar 31 13:14:26 2011 : Info: [pap] WARNING: Auth-Type already set. Not setting to PAP Thu Mar 31 13:14:26 2011 : Info: ++[pap] returns noop Thu Mar 31 13:14:26 2011 : Info: Found Auth-Type = EAP Thu Mar 31 13:14:26 2011 : Info: # Executing group from file /etc/raddb/sites-enabled/default Thu Mar 31 13:14:26 2011 : Info: +- entering group authenticate {...} Thu Mar 31 13:14:26 2011 : Info: [eap] EAP Identity Thu Mar 31 13:14:26 2011 : Info: [eap] processing type tls Thu Mar 31 13:14:26 2011 : Info: [tls] Initiate Thu Mar 31 13:14:26 2011 : Info: [tls] Start returned 1 Thu Mar 31 13:14:26 2011 : Info: ++[eap] returns handled Sending Access-Challenge of id 51 to 10.118.249.20 port 32768 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc729a88ac72ab1dd3e4f8d4fc2851f1c Thu Mar 31 13:14:26 2011 : Info: Finished request 9. Thu Mar 31 13:14:26 2011 : Debug: Going to the next request Thu Mar 31 13:14:26 2011 : Debug: Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51, length=173 Thu Mar 31 13:14:28 2011 : Info: Sending duplicate reply to client WiSM port 32768 - ID: 51 Sending Access-Challenge of id 51 to 10.118.249.20 port 32768 Thu Mar 31 13:14:28 2011 : Debug: Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 10.118.249.20 port 32768, id=51, length=173 Thu Mar 31 13:14:30 2011 : Info: Sending duplicate reply to client WiSM port 32768 - ID: 51 Sending Access-Challenge of id 51 to 10.118.249.20 port 32768 Thu Mar 31 13:14:30 2011 : Debug: Waking up in 0.9 seconds. Thu Mar 31 13:14:31 2011 : Info: Cleaning up request 9 ID 51 with timestamp +60 Thu Mar 31 13:14:31 2011 : Debug: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Thu Mar 31 13:14:31 2011 : Debug: WARNING: !! EAP session for state 0xc729a88ac72ab1dd did not finish! Thu Mar 31 13:14:31 2011 : Debug: WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility Thu Mar 31 13:14:31 2011 : Debug: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Thu Mar 31 13:14:31 2011 : Info: Ready to process requests. Thanks in advance. -- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius-2-1-10-WARNING-Internal-s... Sent from the FreeRadius - User mailing list archive at Nabble.com.