hi, so you've added a user to the users file (line 4....).... and you want to use MD5 - whats doing the MD5 EAP auth - the switch or a wired client doing 802.1X native on a switch port? the client, whichever it is, isnt configured natively for MD5 - its trying some other method, which the server is NAKing - then its doing MD5 - this might be a cause of your issues. when MD5 is being done, the server pretty much rejects the auth when it hits eap-md5 for the proper md5 phase. which would suggest that something about the client isnt right...or something about the entry in the users file isnt right - so whilst user-name matches on line 4, some of the other check items arent quite right. incorrect shared secret might be involved too..... alan