Hi,
ok (you guys propably hate me :) but please could you still give me the answers as you did before) but back to the subject: I did like you said, I installed 2.0.4 version (compiled using suggestions from: http://www.fatofthelan.com/articles/articles.php?pid=27 http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-...)
you are using an old version, you are using random 3rd party instructions of dubious dates and knowledge.
first one: when I open properites of client certificate on XP using mmc-certificates console I have the information that "Windows doesnt have enough information to verify this certificate" "You have proper private key to this certificate" (it is non-english system so its translation but I think translation is ok)
this means you didnt install the CA - ensure you've added it to the trusted CA list in the system - use the certificate MMC Snapin.
second one:
original packet has this:
User-Name = "user@example.com"
this is then proxied to the system handling example.com:
rlm_realm: Looking up realm "example.com" for User-Name = " user@example.com" rlm_realm: Found realm "example.com" rlm_realm: Adding Stripped-User-Name = "user" rlm_realm: Adding Realm = "example.com" rlm_realm: Proxying request from user user to realm example.com rlm_realm: Preparing to proxy authentication request to realm " example.com" ++[suffix] returns updated
..which then says this:
rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler
so..somewhere along the line you are playing with the User-Name attribute...something which you cannot do with EAP - if you take a standard 2.1.6 install and make the basic changes to your eap.conf and clients.conf it will work. alan