Hi, I'm trying to setup freeradius to authenticate users of my wireless networks and I'm facing some problems. I've tried to follow the guide located at http://www.tldp.org/HOWTO/8021X-HOWTO/ , which explains exactly the setup I would like (that is, authentication with username / password credentials). So I've setup freeradius like explained (I've already have everything needed for ssl, CA root certificate and server certificate), and I've configured my access point to use my radius server. So when I try to login, for example with wpa_supplicant, it tolds me that authentication with MSCHAPv2 went ok, and then 30 seconds later it says "Authentication timed out", and it tries to re authenticate. So I'm able to use my wireless network 30 seconds only (for example if I start up a dhcp client then I get an IP) before I'm re authenticated. I've also tried with a Windows XP client, and it continues asking me my credentials. Here is what is displayed in the logs (without verbose mode): Error: TLS_accept:error in SSLv3 read client certificate A Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Info: rlm_eap_mschapv2: Issuing Challenge So does someone have a working freeradius configuration to share with me ? Or some tips to get it working ? Thanks in advance, Reynald Borer P.S: I'm using debian so I've recompiled freeradius to link against libssl P.S2: I've attached my freeradius config files (modified parts only). Complete files are available at http://www.borer.name/files/index.php?dir=radius/ eap { default_eap_type = peap ## default_eap_type = tls timer_expire = 60 ignore_unknown_eap_types = yes cisco_accounting_username_bug = no tls { #private_key_password = whatever private_key_file = ${raddbdir}/certs/bob.keyunsecure.pem certificate_file = ${raddbdir}/certs/newcert.pem CA_file = ${raddbdir}/certs/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes } ttls { default_eap_type = md5 use_tunneled_reply = no } peap { default_eap_type = mschapv2 } mschapv2 { } } mschap { use_mppe = yes require_encryption = yes require_strong = yes #with_ntdomain_hack = no #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" authtype = MS-CHAP } authorize { preprocess mschap suffix # ntdomain eap files } authenticate { Auth-Type MS-CHAP { mschap } eap }