Hi I sent an email to the list with the subject "EAP PEAP, unable to load certificate", but as the subject has changed slightly, I've decided to create a new thread. Has anyone had any issues at all when setting up PEAP? My FreeRADIUS installation, which is used for ADSL/Dial Up AAA (and if I can get it working Wireless AAA), crashes as a wireless client tries to authenticate, but is fine for DSL/Dial Up. I'm running FreeRADIUS 1.1.1 (OpenSSL 0.9.7e-p1 25 Oct 2004). Running on: FreeBSD radius02.01.net.nz 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Wed Nov 2 22:33:15 UTC 2005 root@s-dallas.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC sparc64 FreeRADIUS confuration line: ./configure --sysconfdir=/etc --localstatedir=/var --disable-ltdl-install --with-ltdl-include=/usr/local/include --with-ltdl-lib=/usr/local/lib --with-large-files --with-rlm_sql_unixodbc --without-rlm_krb5 --without-rlm_sql_postgresql --without-rlm_ldap --enable-strict-dependencies --disable-shared --with-openssl-includes=/usr/local/include/openssl --with-openssl-libraries=/usr/local/lib Here is the radiusd -XA output when a wireless user tries to authenticate: Ready to process requests. rad_recv: Access-Request packet from host 10.10.1.199:1812, id=5, length=73 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010009016e69636b NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0x44a4bae6e408185535e54b666e440793 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'nick' rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 5 to 10.10.1.199 port 1812 Framed-IP-Address := 10.10.1.197 Service-Type := Framed-User Framed-Protocol := PPP Acct-Interim-Interval := 600 Framed-IP-Netmask := 255.255.255.0 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x441787b224b2cade909f815da10d28a2 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.1.199:1812, id=6, length=156 User-Name = "nick" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202004a198000000040160301003b010000370301d47428dbffab776a5aa27dd1f3ae43b58ba88be83f19c437a92b5e416c87ecf600001000040005000a000900640062000300060100 State = 0x441787b224b2cade909f815da10d28a2 NAS-IP-Address = 10.10.1.199 Message-Authenticator = 0xd35a0b343af33d868016f1faa2c401ca Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "nick", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 74 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 radius_xlat: 'nick' rlm_sql (sql): sql_set_user escaped user --> 'nick' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'nick' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'nick' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'nick' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization Segmentation fault: 11 (core dumped) root@radius02 [/etc/raddb]# Any help at all would be much appreciated, as I have spent hours (and days even) on researching the causes and have found nothing. I know FreeRADIUS is quite capable of doing PEAP, so it must somehow be my configuration. Let me know if there's any info I've left out. -- Regards, Nick Larsen Wellington NEW ZEALAND