I created once again certs by myself, giving common name for user cert the same like in example user@example.com, I place them on xp client - both of them looks ok, now something is happening (anyway like Aragorn said: "still not king"):
Ready to process requests. rad_recv: Access-Request packet from host 192.168.5.206 port 1812, id=206, length=147 ... User-Name = "user@example.com" ... [suffix] Found realm "example.com" [suffix] Adding Stripped-User-Name = "user" [suffix] Adding Realm = "example.com" [suffix] Proxying request from user user to realm example.com [suffix] Preparing to proxy authentication request to realm "example.com" ++[suffix] returns updated ... Sending Access-Request of id 14 to 127.0.0.1 port 1812 ... User-Name = "user" ... Found Auth-Type = EAP +- entering group authenticate {...} [eap] Identity does not match User-Name, setting from EAP Identity. ...
Don't strip the username. Why do you proxy this anyway? Create it as a local realm: realm example.com { } Ivan Kalik Kalik Informatika ISP