Folks, I'm repeating this message incase people thought it was not the original. I had the Fw: on the front of the subject. I'm trying to get TTLS/PAP working using freeradius 1.0.4. I must have it configured incorrectly because its giving a Segmentation fault just before giving the Access-Accept & EAP-Success back to the switch. I have searched the archives for a solution but not found help to sort my problem out. I have played around with the configuration but don't fully understand what I'm doing. Could someone point me to a place where I can read and understand how the authenticate and autorize sections work. The explanation in the radiusd.conf file don't seem to click with me. I don't understand is why the modcall[authorise] appear often in request processing before modcall[authenticate]. I thought the order was to authenticate a user and then once we are sure they are who they say they are then we authorise them to use the network. Thanks for any help, Martin. radiusd.conf ................ authenticate { Auth-Type PAP { pap } eap } authorize { preprocess eap files } Users file...................... "Client certificate" Auth-Type := Local, User-Password == "bradley" Service-Type = Framed-User, Framed-Compression = Van-Jacobsen-TCP-IP Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 users: Matched entry DEFAULT at line 162 modcall[authorize]: module "files" returns ok for request 3 rlm_eap: EAP packet type response id 34 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type System rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'anonymous' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 TLS_accept: SSLv3 read client key exchange A TLS_accept: SSLv3 read finished A TLS_accept: SSLv3 write change cipher spec A TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 34 to 10.230.199.248:1126 EAP-Message = 0x0123003d15800000003314030100010116030100288b7a33f454f760f4cddff2f95941 b215a6f3d73b5e422d1744b2201bee31448f10dc78f33f354476 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x49b28c5e2307f384db00487f11336474 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.230.199.248:1126, id=35, length=248 User-Name = "anonymous" NAS-IP-Address = 10.230.199.248 NAS-Port = 2 State = 0x49b28c5e2307f384db00487f11336474 Calling-Station-Id = "00:06:5b:d6:ff:24" NAS-Identifier = "radius-netgear" NAS-Port-Type = Ethernet EAP-Message = 0x02230078150017030100189e2c7d7fea093fe36d2ad301f92cc2ef4cba50563b00a0a8 1703010050b5955c43a5cd51375cebde00ed386a2f4273385aa3f6b0b2c6f7e15b73a75e e8f64e15abdca0a875fd3408d3ce811a76580cee45fc540215f84bcc2f99a95cc5199a36 da952c0a76243f7f7645f4327b Message-Authenticator = 0x3ddd5d8d65f10f4a26c7db7ab52a96db X-Ascend-Token-Idle = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 users: Matched entry DEFAULT at line 162 modcall[authorize]: module "files" returns ok for request 4 rlm_eap: EAP packet type response id 35 length 120 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type System rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'anonymous' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 users: Matched entry Client certificate at line 90 modcall[authorize]: module "files" returns ok for request 4 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 4 modcall: group authorize returns ok for request 4 auth: type Local auth: user supplied User-Password matches local User-Password TTLS: Got tunneled Access-Accept Segmentation fault [root@mars raddb]# - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html