Hi, I'm new to Freeradius, and the concepts behind Radius and network security in general also, so I'm not sure if this is normal or not. I've configured Freeradius so that I can authenticate Windows XP clients on our wireless network through a Linux server's /etc/passwd file. The problem is that authenticating takes around 20 seconds. While running the server in a terminal with the -X flag, I see that my Windows XP client first makes one TLS request, then waits ~20 seconds, then makes two more TLS requests and four TTLS requests all together taking less than one second. After these last six requests the client is immediately online. Can anyone hint me on why the client waits for so long before doing the requests it needs? Is my Freeradius server erroneously defaulting the client to use TLS instead of TTLS, and confusing the client? I've written a radiusd.conf from scratch, so that the server only runs the modules I actually use, hoping this is safer and easier to administrate. Please feedback if anyone have any comments on this approach. Note that the problem described above is also a there with the huge bundled stock configuration file. The configuration is as follows: ##################################################################### prefix = /usr localstatedir = /var logdir = /var/log/radius checkrad = "/usr/sbin/checkrad" pidfile = "/var/run/radiusd/radiusd.pid" max_requests = 2048 bind_address = * cleanup_delay = 2 user = radiusd group = radiusd security { max_attributes = 200 reject_delay = 1 status_server = no } thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { unix { } pap { } eap { default_eap_type = ttls tls { private_key_file = /etc/raddb/server.tld.pem certificate_file = /etc/raddb/server.tld.pem CA_file = /etc/raddb/server.tld.pem dh_file = /etc/raddb/dh random_file = /etc/raddb/random fragment_size = 1024 include_length = yes } ttls { } } files { usersfile = /etc/raddb/users acctusersfile = /etc/raddb/acct_users preproxy_usersfile = /etc/raddb/preproxy_users compat = no } } authorize { eap files } authenticate { Auth-Type PAP { pap } unix eap } client x.x.x.x { secret = xxxx shortname = accesspoint01 nastype = other } ##################################################################### Any hints greatly appreciated! Thank you very much :-) Regards, Allan Boll - student and network administrator at a dorm ;-)