Gday, Looking at the documentation in the eap file, I find this: # A temporary directory where the client # certificates are stored. This directory # MUST be owned by the UID of the server, # and MUST not be accessible by any other # users. When the server starts, it will do # "chmod go-rwx" on the directory, for # security reasons. The directory MUST # exist when the server starts. # # You should also delete all of the files # in the directory when the server starts. # # Note that, on Linux systems with systemd, the # /tmp directory may be restricted. In this case # it may be best to use `${run_dir}/tmp` here # and create the temporary directory with the # systemd `RuntimeDirectory` unit option. # # tmpdir = /tmp/radiusd The directory (tmp/radiusd) does not exist in the freeradius docker image, as far as I can tell. 1. Do I need to make that directory for EAP-TLS to work? 2. If question 1 is yes, then is tmp/radiusd created in the root directory? 3. If question 2 is no, where should tmp/radiusd be created? 4. " You should also delete all of the files in the directory when the server starts." Is when before or after or either? So should the files be deleted before starting the server or after the server is started or it doesn't matter? Best regards, Kat -- The OpenPGP_*.asc file attached to this email is a digital certificate to show whether or not this email has been modified after it has been sent. It is a security measure to warn of any man in the middle cyber attack. Your email client should be checking it and warning if any modifications have been made. If you see this signature but not the file, please let me know.