Hi Ivan, Here is the output of the RADIUSD -X [root@cl-radius ~]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/eap.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) realm: format = "prefix" realm: delimiter = "\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (ntdomain) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=165, length=181 User-Name = "host/sqlwebdev.corp.cookielee.com" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d Message-Authenticator = 0x6c001337c02e78516e0e2aa23aa551ef NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "host/sqlwebdev.corp.cookielee.com", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_realm: No '\' in User-Name = "host/sqlwebdev.corp.cookielee.com", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 165 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x586ce0d49898e2796b78e79ec0b2fef3 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=165, length=181 Sending duplicate reply to client 10.10.2.174:21645 - ID: 165 Re-sending Access-Challenge of id 165 to 10.10.2.174 port 21645 --- Walking the entire request list --- Cleaning up request 0 ID 165 with timestamp 46782ad7 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166, length=181 User-Name = "host/sqlwebdev.corp.cookielee.com" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d Message-Authenticator = 0x57923ccc37781e9907512c6f43cef272 NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "host/sqlwebdev.corp.cookielee.com", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_realm: No '\' in User-Name = "host/sqlwebdev.corp.cookielee.com", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 166 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9c1edda1e285bd67cd9e264d2c2a43d2 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166, length=181 Sending duplicate reply to client 10.10.2.174:21645 - ID: 166 Re-sending Access-Challenge of id 166 to 10.10.2.174 port 21645 --- Walking the entire request list --- Cleaning up request 1 ID 166 with timestamp 46782b20 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166, length=181 User-Name = "host/sqlwebdev.corp.cookielee.com" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d Message-Authenticator = 0x57923ccc37781e9907512c6f43cef272 NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "host/sqlwebdev.corp.cookielee.com", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_realm: No '\' in User-Name = "host/sqlwebdev.corp.cookielee.com", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 166 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6aea15319877954c01899ceb8f35cd5d Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166, length=181 Sending duplicate reply to client 10.10.2.174:21645 - ID: 166 Re-sending Access-Challenge of id 166 to 10.10.2.174 port 21645 --- Walking the entire request list --- Cleaning up request 2 ID 166 with timestamp 46782b2b Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167, length=137 User-Name = "CORP\\bugman" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202001001434f52505c6275676d616e Message-Authenticator = 0x38e2f68ebda0a5f0f55f94b1fe3ad839 NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman" rlm_realm: No such realm "CORP" modcall[authorize]: module "ntdomain" returns noop for request 3 rlm_eap: EAP packet type response id 2 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 167 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa8ae9293037f9137daaaf1f4b61cc0f5 Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167, length=137 Sending duplicate reply to client 10.10.2.174:21645 - ID: 167 Re-sending Access-Challenge of id 167 to 10.10.2.174 port 21645 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 167 with timestamp 46782ba6 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167, length=137 User-Name = "CORP\\bugman" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202001001434f52505c6275676d616e Message-Authenticator = 0x38e2f68ebda0a5f0f55f94b1fe3ad839 NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman" rlm_realm: No such realm "CORP" modcall[authorize]: module "ntdomain" returns noop for request 4 rlm_eap: EAP packet type response id 2 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 167 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa270cc6b99660c3c2cae5de5fdbfda61 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167, length=137 Sending duplicate reply to client 10.10.2.174:21645 - ID: 167 Re-sending Access-Challenge of id 167 to 10.10.2.174 port 21645 --- Walking the entire request list --- Cleaning up request 4 ID 167 with timestamp 46782bb0 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168, length=137 User-Name = "CORP\\bugman" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202001001434f52505c6275676d616e Message-Authenticator = 0xc99fddd5d26268a110ee68d3ccba91d0 NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman" rlm_realm: No such realm "CORP" modcall[authorize]: module "ntdomain" returns noop for request 5 rlm_eap: EAP packet type response id 2 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 168 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x77b7e7cdda3989a1b128b7d5334311c2 Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168, length=137 Sending duplicate reply to client 10.10.2.174:21645 - ID: 168 Re-sending Access-Challenge of id 168 to 10.10.2.174 port 21645 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 168 with timestamp 46782bf8 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168, length=137 User-Name = "CORP\\bugman" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-0F-34-A8-FB-0A" Calling-Station-Id = "00-14-38-A7-F4-2B" EAP-Message = 0x0202001001434f52505c6275676d616e Message-Authenticator = 0xc99fddd5d26268a110ee68d3ccba91d0 NAS-Port = 50010 NAS-Port-Type = Ethernet NAS-IP-Address = 10.10.2.174 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman" rlm_realm: No such realm "CORP" modcall[authorize]: module "ntdomain" returns noop for request 6 rlm_eap: EAP packet type response id 2 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 168 to 10.10.2.174 port 21645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6b41a15d99600d47f03b461bf870cbb6 Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168, length=137 Sending duplicate reply to client 10.10.2.174:21645 - ID: 168 Re-sending Access-Challenge of id 168 to 10.10.2.174 port 21645 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 168 with timestamp 46782c03 Nothing to do. Sleeping until we see a request. No. I mean this: # If you see the server send an Access-Challenge, # and the client never sends another Access-Request, # then # # STOP! # # The server certificate has to have special OID's # in it, or else the Microsoft clients will silently # fail. See the "scripts/xpextensions" file for # details, and the following page: # # http://support.microsoft.com/kb/814394/en-us # # For additional Windows XP SP2 issues, see: # # http://support.microsoft.com/kb/885453/en-us # # Note that we do not necessarily agree with their # explanation... but the fix does appear to work. What you have posted is just a snip of the whole conversation. If it is the end of it then this is most likely your problem. But to be sure you need to post the whole thing. Ivan Kalik Kalik Infprmatika ISP -- View this message in context: http://www.nabble.com/Need-help-with-802.1X-authentication-to-Active-Directo... Sent from the FreeRadius - User mailing list archive at Nabble.com.