I'm trying to configure freeradius2.0.3 to authenticate wireless users against AD. I followed the steps as mentioned in http://deployingradius.com/ and installation document still not working. The ntlm_auth command is success and it lists the users and groups from AD using wbinfo -u and wbinfo -g. Now i see new error message after reconfiguring freeradius server, issue with SSL. Installed CA.der certificate alone on the windows xp supplicant, i didnt generate individual client certificate as i dont want the users to be have less task to configure wireless . As per my understanding and in previous freeradius it worked this way installing root.der certificate alone and without individual supplicant certificate. I'm unable to authenticate the users against AD. can someone throw some light here. Attached the log message. snip => rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization TLS_accept: SSLv3 read client hello A TLS_accept: SSLv3 write server hello A TLS_accept: SSLv3 write certificate A TLS Alert write:fatal:handshake failure TLS_accept:error in SSLv3 write key exchange A rlm_eap: SSL error error:1409B0AC:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:missing tmp rsa key rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [DOMAIN\\kartthikr/<via Auth-Type = EAP>] (from client 10.20.0.0 port 60 cli 0014a526c319)