rad_recv: Access-Request packet from host 10.0.16.4 port 1645, id=6, length=136 User-Name = "test" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9d00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x8185244a1739d905761d97635ccde126 EAP-Message = 0x020100090163657274 NAS-Port-Type = Wireless-802.11 NAS-Port = 262 NAS-IP-Address = 10.0.16.4 NAS-Identifier = "ap" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 6 to 10.0.16.4 port 1645 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7c9adf3b7cba0f54e6f2b406f75dfd7 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 6 with timestamp +5 Ready to process requests. -------- this error is with the supplicant "wire1" but... when the supplicant is "Intel PROset wireless" the error is this: rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=2, length=136 User-Name = "cert" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.674a" Service-Type = Login-User Message-Authenticator = 0xba5587f920826e2bd4beb4695b9be3de EAP-Message = 0x020100090163657274 NAS-Port-Type = Wireless-802.11 NAS-Port = 259 NAS-IP-Address = 10.0.31.40 NAS-Identifier = "ap-Reconquista-31" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 2 to 10.0.31.40 port 1645 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45047f1b45067264424db5b65333fec0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.31.40 port 1645, id=3, length=255 User-Name = "cert" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.674a" Service-Type = Login-User Message-Authenticator = 0x565fba63fe92ec25bb27dc9b7cd35351 EAP-Message = 0x0202006e0d8000000064160301005f0100005b0301492d8813d8442284e62309c1463f24d6bd6dff31a5a199dee31582cbb9fa140400003400390038003500160013000a00330032002f006600050004006500640063006200610060001500120009001400110008000600030100 NAS-Port-Type = Wireless-802.11 NAS-Port = 259 State = 0x45047f1b45067264424db5b65333fec0 NAS-IP-Address = 10.0.31.40 NAS-Identifier = "ap-Reconquista-31" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "cert", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 110 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry cert at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS TLS Length 100 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0849], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00a3], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 3 to 10.0.31.40 port 1645 EAP-Message = 0x010304000dc000000b57160301004a020000460301492d88149171a0d9fd6597a004574b6ff645784cfb233487f6a1178e983db8b9202849854d8af6a3dea84919340635e06d602786b93c1fe23e19cdfced138f4ce100390016030108490b00084500084200039d3082039930820281a003020102020101300d06092a864886f70d010104050030818f310b3009060355040613024152311530130603550408130c4275656e6f73204169726573311430120603550407130b5265636f6e717569737461310e300c060355040a130549504c414e3124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e6172311d30 EAP-Message = 0x1b06035504031314436572746966696361646f205261646975734954301e170d3038313131383139303732335a170d3039313131383139303732335a3077310b3009060355040613024152311530130603550408130c4275656e6f73204169726573310e300c060355040a130549504c414e311b3019060355040313125365727665722043657274696669636174653124302206092a864886f70d01090116156d73696c7665726f4069706c616e2e636f6d2e617230820122300d06092a864886f70d01010105000382010f003082010a0282010100a3214e2a03be37b3b6da8eff4fae6c7842f472aeb12bba75eb5562cddb7952a6ae61663f628df1 EAP-Message = 0x2d1991b857f64a16e911276e3d6bcda584cbedf6869c19b871e9d8885955316739815ffee397c766ef9dd324f5eab40e761981f957447f775aa6fbb54d3524b76c08619fc3ebb786fa8347e080fd1512f9e04f4a0233cbe0c8a43efc96df5ac94f8a5270d4ff7fab98d04e464d1db1c53e62d412b0aca7f5a93e1e7386f65279b8dced42895115acecb76d0c619308bf79489223bdf468c6dff08d3ed46c2ed01398ee13207a187e36c82aa3b67679ce0278a9d89ec043ad8500eee052d4b5376a1d1c26153ccda064fdcf7bb2f6a1ad60fb34419705b89e650203010001a317301530130603551d25040c300a06082b06010505070301300d06092a86 EAP-Message = 0x4886f70d0101040500038201010098f1873453c3f3d52defa937a6a5ef9582a20758059e5aa37c451910b3b1a1823338a62070943b943c1f14aff489d62b163dccf164d7d60392a72d689778f6487087c8bc71ef77630065e987ec37c7fcccb2df32c6ca508a1f5a244c26a6b2e4d2ffbc6b9caa8b0676aace623b008ca88a0a1bc790e20110afca82544e136e9f6b748dcfa422a59fc780f9e59c29aba4163fe428b6a5090afb244d0d66ae5908f53ceaf6f4f21344372513726077ba93bafe985a2dd3107983de3ad686dfec2d78ef34c76148f6329cd5d00c8543803f27fe221df19d90465e602e4e0e1909d38cd03b108b5bb0f7bdc402f6cddfbf EAP-Message = 0xb7420732d3d7b3e2232b37fd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45047f1b44077264424db5b65333fec0 Finished request 2. Going to the next request Waking up in 4.3 seconds. ----------------------------- any suggestions? many thanks!