Hi I got some problems getting EAP to work with Cisco Aironet 1100 and Freeradius. I've gotten freeradius to work I think and I have configured Cisco Aironet 1100 AP according to Cisco. (http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configu ration_example09186a00801bd035.shtml) (http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configu ration_example09186a00801c40b6.shtml#NetEAP) When I try to connect too my WLAN with my testuser. (User: testuser, Password: Secret149) it won't authenticate. I've configured freeradius to use PEAP-MSCHAPv2. Anyone able to help me out? Regards, Torkel This is the log I get when i run radiusd -X: rad_recv: Access-Request packet from host 10.0.0.1:21645, id=65, length=133 User-Name = "testuser" Framed-MTU = 1400 Called-Station-Id = "000e.8401.cd50" Calling-Station-Id = "0011.0a80.41d1" Message-Authenticator = 0x194f32c82aa7088f53cdfc8ac8a36151 EAP-Message = 0x0202000d017465737475736572 NAS-Port-Type = Wireless-802.11 NAS-Port = 478 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "testAP" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 63 modcall[authorize]: module "preprocess" returns ok for request 63 modcall[authorize]: module "chap" returns noop for request 63 modcall[authorize]: module "mschap" returns noop for request 63 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 63 rlm_eap: EAP packet type response id 2 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 63 users: Matched entry testuser at line 90 modcall[authorize]: module "files" returns ok for request 63 modcall: group authorize returns updated for request 63 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 63 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 63 modcall: group authenticate returns handled for request 63 Sending Access-Challenge of id 65 to 10.0.0.1:21645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x67a4b4a551592fcc14469ef9c70a4601 Finished request 63 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21645, id=66, length=218 User-Name = "testuser" Framed-MTU = 1400 Called-Station-Id = "000e.8401.cd50" Calling-Station-Id = "0011.0a80.41d1" Message-Authenticator = 0xd5957923efcbfe4c3ee547a066e21d0a EAP-Message = 0x0203005019800000004616030100410100003d0301435f8f34c71e673ecee95256802f 571c6bfa86eaa89728f7d7f782809ef0f82600001600040005000a000900640062000300 060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 478 State = 0x67a4b4a551592fcc14469ef9c70a4601 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "testAP" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 64 modcall[authorize]: module "preprocess" returns ok for request 64 modcall[authorize]: module "chap" returns noop for request 64 modcall[authorize]: module "mschap" returns noop for request 64 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 64 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 64 users: Matched entry testuser at line 90 modcall[authorize]: module "files" returns ok for request 64 modcall: group authorize returns updated for request 64 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 64 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0654], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 64 modcall: group authenticate returns handled for request 64 Sending Access-Challenge of id 66 to 10.0.0.1:21645 EAP-Message = 0x0104040a19c0000006b1160301004a020000460301435f8f1b11c01e5389f06ab78215 4f3759e70cc9bb2b320d320ab9c656d33f6e205816b685a712ff840d91baa1dbf8b9c0ec 209492aecf22425643fafe1541596d00040016030106540b00065000064d0002b3308202 af30820218a003020102020900b646b246bff02a86300d06092a864886f70d0101040500 30818d310b3009060355040613024e4f310d300b060355040813044f534c4f310d300b06 0355040713044f534c4f310f300d060355040a130642425320415331133011060355040b 130a66726565726164697573311b301906035504031312436c69656e7420636572746966 6963 EAP-Message = 0x617465311d301b06092a864886f70d010901160e726f6f74406c6f63616c686f737430 1e170d3035313032363132333432385a170d3036313032363132333432385a30818b310b 3009060355040613024e4f310d300b060355040813044f534c4f310d300b060355040713 044f534c4f310f300d060355040a130642425320415331133011060355040b130a667265 657261646975733119301706035504031310526f6f74206365727469666963617465311d 301b06092a864886f70d010901160e726f6f74406c6f63616c686f737430819f300d0609 2a864886f70d010101050003818d0030818902818100eead5285b5e9f7b939a2dfc1b7fe f60a EAP-Message = 0xbd055de0ba27b2ef81244e0eabad60241727ff5fc724f36147d08ea5f9e3f0110dfb5a 2397c3906a00ab8eb28509e4a672b2c948c0b8007785f550b3908c2f49d7a113d6e7198d 9606e567fc38be816fb2acf60f18bfe56d0617ff7e651439ce9c8ed40363b5b1e4d0d96f 59a468a6650203010001a317301530130603551d25040c300a06082b0601050507030130 0d06092a864886f70d01010405000381810050aa5f1713a5025d21f128094104579eb85a 9ded57072baf72b2c0e3fbea766eb53c62e9bc2a5d1bc22f2615cc1fe88487e2d0b7e5ea a045a8ae1734a85f28e6cd70d3340c2a51bfe7b974c13b9a1a4abebe373312d1d4b987e3 2368 EAP-Message = 0x1edad7e4a54456fd7989e901485e9f2fcf7e8ed8e57fae97fb2fdd1fba5a50c683b7da 7f00039430820390308202f9a003020102020900b646b246bff02a84300d06092a864886 f70d010104050030818d310b3009060355040613024e4f310d300b060355040813044f53 4c4f310d300b060355040713044f534c4f310f300d060355040a13064242532041533113 3011060355040b130a66726565726164697573311b301906035504031312436c69656e74 206365727469666963617465311d301b06092a864886f70d010901160e726f6f74406c6f 63616c686f7374301e170d3035313032363132333432335a170d30373130323631323334 3233 EAP-Message = 0x5a30818d310b3009060355040613024e4f310d300b06 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd8223ab2cc29f1f3ad13843d71797409 Finished request 64 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21645, id=67, length=144 User-Name = "testuser" Framed-MTU = 1400 Called-Station-Id = "000e.8401.cd50" Calling-Station-Id = "0011.0a80.41d1" Message-Authenticator = 0xcc2b18df4d9f3ad232f1d712d0fefa45 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 478 State = 0xd8223ab2cc29f1f3ad13843d71797409 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "testAP" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 65 modcall[authorize]: module "preprocess" returns ok for request 65 modcall[authorize]: module "chap" returns noop for request 65 modcall[authorize]: module "mschap" returns noop for request 65 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 65 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 65 users: Matched entry testuser at line 90 modcall[authorize]: module "files" returns ok for request 65 modcall: group authorize returns updated for request 65 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 65 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 65 modcall: group authenticate returns handled for request 65 Sending Access-Challenge of id 67 to 10.0.0.1:21645 EAP-Message = 0x010502b719000355040813044f534c4f310d300b060355040713044f534c4f310f300d 060355040a130642425320415331133011060355040b130a66726565726164697573311b 301906035504031312436c69656e74206365727469666963617465311d301b06092a8648 86f70d010901160e726f6f74406c6f63616c686f737430819f300d06092a864886f70d01 0101050003818d0030818902818100bb9dc7f9a6b879ddde091ded35f3137693d1a9fa9d 2e2f1e20e1e49c9daf077fd1c4066e8e409eda68baac046ff390baedad93e603fdde7304 6df106c9c3775eb0e024a2682faf6469e778758b9c782a11ad0dcc25edca8f9efdee96cc c1bc EAP-Message = 0x84850d853d4435da9ab22ec6c3dc4e6d9137e0ec36d705c923055aa8b900d833350203 010001a381f53081f2301d0603551d0e04160414227f0709429785a3169b9817627cd456 d617f2283081c20603551d230481ba3081b78014227f0709429785a3169b9817627cd456 d617f228a18193a4819030818d310b3009060355040613024e4f310d300b060355040813 044f534c4f310d300b060355040713044f534c4f310f300d060355040a13064242532041 5331133011060355040b130a66726565726164697573311b301906035504031312436c69 656e74206365727469666963617465311d301b06092a864886f70d010901160e726f6f74 406c EAP-Message = 0x6f63616c686f7374820900b646b246bff02a84300c0603551d13040530030101ff300d 06092a864886f70d0101040500038181001fb7ec3488fd3b6349d6cc33b5c6451ce1c2e8 ef8db6f4818cd017991f9649141c1767553c20303e262fec4bb351cda19b403bab78aa37 236ffc78dace1a39089ff037eb911a5133bc6b1f0275cc9e68bc4c8f487a4d2cdc8e7061 34e512d7e715ca81c5a7bb6cc668ca8181e898befeab40773de8f3eb6629ecd2c79d5f74 f116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6a28407c14613e4bb49a5c41aab60bfd Finished request 65 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21645, id=68, length=144 User-Name = "testuser" Framed-MTU = 1400 Called-Station-Id = "000e.8401.cd50" Calling-Station-Id = "0011.0a80.41d1" Message-Authenticator = 0x9a39ada2dab238ef570b8dc1dd3f3b6c EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 478 State = 0x6a28407c14613e4bb49a5c41aab60bfd Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "testAP" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 66 modcall[authorize]: module "preprocess" returns ok for request 66 modcall[authorize]: module "chap" returns noop for request 66 modcall[authorize]: module "mschap" returns noop for request 66 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 66 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 66 users: Matched entry testuser at line 90 modcall[authorize]: module "files" returns ok for request 66 modcall: group authorize returns updated for request 66 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 66 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 66 modcall: group authenticate returns handled for request 66 Sending Access-Challenge of id 68 to 10.0.0.1:21645 EAP-Message = 0x010600061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x029cb84784a586178ecaa439ab2c98ab Finished request 66 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 63 ID 65 with timestamp 435f8f1b Cleaning up request 64 ID 66 with timestamp 435f8f1b Cleaning up request 65 ID 67 with timestamp 435f8f1b Cleaning up request 66 ID 68 with timestamp 435f8f1b Nothing to do. Sleeping until we see a request.