Hullo, a FreeRADIUS newbie here, with a (hopefully) basic question: I am struggling to figure out how to use freeradius-client as NAS/authenticator when authenticating a supplicant to freeradius-server. I already implemented a version that calculated and verified the EAP MD5 hashes locally (without FR client), but I would now like to move authentication responsibilities to the server. I am currently trying to forward EAP identity response from the supplicant, but cannot get the server to accept my Message-Authenticator. I think I have established that I need to add at least PW_EAP_MESSAGE (with the EAP bytes attached) and PW_MESSAGE_AUTHENTICATOR attributes when using the FR client, but how am I able to calculate the correct HMAC MD5 without the packet identifier that (I think) is generated in the FR client? The secret is configured correctly on both sides, of that I am 99,99% sure. :) Best regards, Simo