This only happens every once and awhile, not sure why. Here's a log file of the authentication. Not one specific supplicant fails, but this one happens to be OS X 10.3. Others include SP2. Any reason or should I blame this on the client? Also I'm reloading radiusd with kill -HUP pid every 15 minutes to load a CRL, is that really required or can I get away with not reloading it? Here's an auth fail. Fri Sep 30 11:57:04 2005 : Info: rlm_eap_tls: Length Included Fri Sep 30 11:57:04 2005 : Error: TLS_accept:error in SSLv3 read client certificate A Fri Sep 30 11:57:04 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK message Fri Sep 30 11:57:04 2005 : Info: rlm_eap_tls: Received EAP-TLS First Fragment of the message Fri Sep 30 11:57:04 2005 : Info: rlm_eap_tls: More fragments to follow Fri Sep 30 11:57:04 2005 : Info: (other): SSL negotiation finished successfully Fri Sep 30 11:57:35 2005 : Info: rlm_eap_tls: Length Included Fri Sep 30 11:57:35 2005 : Error: TLS_accept:error in SSLv3 read client hello C Fri Sep 30 11:57:35 2005 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. Fri Sep 30 11:57:35 2005 : Error: rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails. Fri Sep 30 11:57:35 2005 : Auth: Login incorrect: [wpa-tester.wv.cc.cmu.edu/<no User-Password attribute>] (from client access-points port 360 cli xxxx.xxxx.xxxx