I am succesfully doing this but with one glitch. It only works with WinXP as the supplicant. The problem I can tell is with Certs, but I cannot figure out how to fix it. So far the chipsets on the adapters is Atheros 5211 and Ralink rt2500. The ralinks authenticate fine using WinXP as supplicant, but fail using the ralink client software in Win2k and WinXP. The GN-WPEAG chipsets also fail using the supplied clients. Is there something special to know or do to get certs.sh to work properly in Suse 9.3, so far I have only been able to get it to work by installing OpenSSL in USR/Local even though Suse 93 says it is already installed. I am including two log peices, the 1st with WinXP as Authenticating and 2nd is Ralink utility on same machine failing to authenticate. WINXP TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module eap returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 180 to 10.10.4.20:2500 EAP-Message = 0x0104003119001403010001011603010020fb444951ea0360a043b79a34ac4ca533ae9744e6dc6fd7cda10c7b0470fbc55b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd86ec63a7680f4308aeb922aa999e201 Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.10.4.20:2501, id=181, length=136 NAS-IP-Address = 10.10.4.20 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Framed-MTU = 1400 User-Name = dhesse Calling-Station-Id = 001109229950 Called-Station-Id = 000e6acd7ff5 NAS-Identifier = dhlab_3com State = 0xd86ec63a7680f4308aeb922aa999e201 EAP-Message = 0x020400061900 Message-Authenticator = 0x76ad5ea260dbcc6ec8c011c9c7faa527 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 3 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for dhesse radius_xlat: '(uid=dhesse)' radius_xlat: 'o=StormLake' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user dhesse authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module eap returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 181 to 10.10.4.20:2501 EAP-Message = 0x0105002019001703010015bc0c8b230b6818687fdf49953a86ea2a7c92d8f0be Message-Authenticator = 0x00000000000000000000000000000000 State = 0x34fc3101d2597dcae9f02eb68c529953 Finished request 3 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.10.4.20:2502, id=182, length=164 NAS-IP-Address = 10.10.4.20 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Framed-MTU = 1400 User-Name = dhesse Calling-Station-Id = 001109229950 Called-Station-Id = 000e6acd7ff5 NAS-Identifier = dhlab_3com State = 0x34fc3101d2597dcae9f02eb68c529953 EAP-Message = 0x02050022190017030100171d156bb7f6783f7d189e1907099a9fa7309a04e469c5b1 Message-Authenticator = 0xe538669776929af733db5ebd93558b24 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module preprocess returns ok for request 4 modcall[authorize]: module chap returns noop for request 4 modcall[authorize]: module mschap returns noop for request 4 rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 4 rlm_eap: EAP packet type response id 5 length 34 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 4 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for dhesse radius_xlat: '(uid=dhesse)' radius_xlat: 'o=StormLake' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user dhesse authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - dhesse rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of dhesse PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to dhesse Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module preprocess returns ok for request 4 modcall[authorize]: module chap returns noop for request 4 modcall[authorize]: module mschap returns noop for request 4 rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 4 rlm_eap: EAP packet type response id 5 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 4 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for dhesse radius_xlat: '(uid=dhesse)' radius_xlat: 'o=StormLake' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user dhesse authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module eap returns handled for request 4 modcall: group authenticate returns handled for request 4 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module eap returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 182 to 10.10.4.20:2502 EAP-Message = 0x010600371900170301002c2e60ef6cbaeb243c56acedee7a7f10fd837170ff8a7cf9db7376f6b80f3978e34405f8355b645ec66f716d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5658e0fa40025a64a9c21e91575b399d Finished request 4 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.10.4.20:2503, id=183, length=218 NAS-IP-Address = 10.10.4.20 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Framed-MTU = 1400 User-Name = dhesse Calling-Station-Id = 001109229950 Called-Station-Id = 000e6acd7ff5 NAS-Identifier = dhlab_3com State = 0x5658e0fa40025a64a9c21e91575b399d EAP-Message = 0x020600581900170301004dde7841f54a1023bc51de5b1049a3f40bc6a3885985ce3a25d2bb4eccc1b5750fb81735d317f01cdf5be04fa5ffb8d4ba2d8c4797bcc127929b672758a2ffe8fc4618d3ac27af90766780edb361 Message-Authenticator = 0xb1ca667f588b5c0be2ebe759ba2d3d71 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module preprocess returns ok for request 5 modcall[authorize]: module chap returns noop for request 5 modcall[authorize]: module mschap returns noop for request 5 rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 5 rlm_eap: EAP packet type response id 6 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 5 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for dhesse radius_xlat: '(uid=dhesse)' radius_xlat: 'o=StormLake' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user dhesse authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to dhesse PEAP: Adding old state with 27 d7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module preprocess returns ok for request 5 modcall[authorize]: module chap returns noop for request 5 modcall[authorize]: module mschap returns noop for request 5 rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 5 rlm_eap: EAP packet type response id 6 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 5 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for dhesse radius_xlat: '(uid=dhesse)' radius_xlat: 'o=StormLake' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user dhesse authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 5 rlm_mschap: Told to do MS-CHAPv2 for dhesse with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module mschap returns ok for request 5 modcall: group Auth-Type returns ok for request 5 MSCHAP Success modcall[authenticate]: module eap returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module eap returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 183 to 10.10.4.20:2503 EAP-Message = 0x0107004a1900170301003f0226fad9a3d3afef959674ecb3b3414541310676070004398f63d7a5bba3441ee2a3dfcdbbbde73f91f7312051a0f5b579bf9193eb090630c7be88de6d4dee Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c24a22194018da936facb78fe3ceaf8 Finished request 5 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.10.4.20:2504, id=184, length=159 NAS-IP-Address = 10.10.4.20 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Framed-MTU = 1400 User-Name = dhesse Calling-Station-Id = 001109229950 Called-Station-Id = 000e6acd7ff5 NAS-Identifier = dhlab_3com State = 0x0c24a22194018da936facb78fe3ceaf8 EAP-Message = 0x0207001d19001703010012f1bdeccdf36c88896d25284d609126cdf8ac Message-Authenticator = 0x48bcf0174488515db7aab6c2b9615e3d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 modcall[authorize]: module mschap returns noop for request 6 rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 rlm_eap: EAP packet type response id 7 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for dhesse radius_xlat: '(uid=dhesse)' radius_xlat: 'o=StormLake' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) rlm_ldap: Added the eDirectory password in check items