Hi everybody, as frequently here, an other EAP-TTLS problem ;) I use WinXP + SecureW2 + Cisco AP1100 + freeRADIUS 1.0.1 & 1.0.2 freeradius see TLS packet but it's EAP-TTLS (with PAP) so authentication doesn't works. Of course eap is set in radiusd.conf (authentication and authorization section) My eap.conf is here : eap { default_eap_type = ttls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no # Supported EAP-types md5 { } # EAP-TLS tls { # default_eap_type = ttls private_key_password = astronomie private_key_file = ${raddbdir}/certs/vega.maquette.grenet.fr.pem certificate_file = ${raddbdir}/certs/vega.maquette.grenet.fr.pem CA_file = ${raddbdir}/certs/root.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes # check_crl = yes # check_cert_cn = %{User-Name} } ttls { default_eap_type = md5 copy_request_to_tunnel = yes use_tunneled_reply = yes } #peap { # default_eap_type = mschapv2 #} #mschapv2 { #} } When I launch radiusd -X, this is what it says : ... Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/vega.maquette.grenet.fr.pem" tls: certificate_file = "/etc/raddb/certs/vega.maquette.grenet.fr.pem" tls: CA_file = "/etc/raddb/certs/root.pem" tls: private_key_password = "astronomie" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = yes ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls Module: Instantiated eap (eap) ... When I try to authenticate, is below... rad_recv: Access-Request packet from host 10.1.1.2:21672, id=106, length=132 User-Name = "david" Framed-MTU = 1400 Called-Station-Id = "000e.8440.bbb0" Calling-Station-Id = "000d.54aa.a39c" Service-Type = Login-User Message-Authenticator = 0x150c704b98ad730ead5764e4be788835 EAP-Message = 0x0202000a016461766964 NAS-Port-Type = Wireless-802.11 NAS-Port = 7080 NAS-IP-Address = 10.1.1.2 NAS-Identifier = "ap-maquette" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "david", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "david" rlm_realm: Proxying request from user david to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched david at 19 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: EAP Identity rlm_eap: processing type tls <========= why ? it should be TTLS !!! rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 106 to 10.1.1.2:21672 Service-Type = Framed-User Framed-MTU = 1500 Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := "402" EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdcb2b96e379c8bc2dcb4b5b405a23cab Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... ... (fall in timeout and process repeat again and again) Can someone help me ? how can I debug more ? thanks.