Hi all, I would like to configure an access point to accept client certificates only, with no usernames and passwords. As a understand, what I am looking for is EAP-TLS, and I have attempted to configure it against a mikrotik routerboard. I see the radius packet entering the server, with the User-Name set to the MAC address of the incoming client (mikrotik default behaviour). My next step is to suitably configure freeradius to accept the login based on the attributes within the client certificate, and to accept any User-Name, however I can find no documentation how to do this. Ideally, I would like the effective freeradius login name to be the DN of the client certificate. Does anyone know whether this is possible, and if so, what I need to tell freeradius to make this happen? I am using freeradius-1.1.3-1.5.el5_4 (on an RHEL5 system). Regards, Graham --