Hi, I am new to FR... I was able to get freeradius to work with EAP-MD5 passwords using an XP client. I can not seem to get free raidus working with Certs. I need some help debugging the issue. radiusd -v radiusd: FreeRADIUS Version 2.0.1, for host i386-pc-solaris2.9, built on May 1 2008 at 16:01:29 version OpenSSL 0.9.8g 19 Oct 2007 I have patched the XP system per the FR howto... I seem to have certs created right? But no authentication... I've tried googl'n the issue, but I need a little more help understanding what is happening. thanks in advance for your time, Joe Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "tls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "abc123" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } ... ... ... rad_recv: Access-Request packet from host 1.2.3.126 port 1024, id=28, length=167 User-Name = "joe" NAS-IP-Address = 1.2.3.126 NAS-Identifier = "00:08:da:57:3f:63" NAS-Port = 0 Called-Station-Id = "00-08-DA-57-3F-61:" Calling-Station-Id = "00-1A-4B-61-9C-C8" Framed-MTU = 1400 NAS-Port-Type = Ethernet Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000c016a73646965747a Message-Authenticator = 0x4f6d8dd3b1012bc9f500b915421a8fe3 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rad_recv: Access-Request packet from host 1.2.3.126 port 1024, id=28, length=167 User-Name = "joe" NAS-IP-Address = 1.2.3.126 NAS-Identifier = "00:08:da:57:3f:63" NAS-Port = 0 Called-Station-Id = "00-08-DA-57-3F-61:" Calling-Station-Id = "00-1A-4B-61-9C-C8" Framed-MTU = 1400 NAS-Port-Type = Ethernet Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000c016a73646965747a Message-Authenticator = 0x4f6d8dd3b1012bc9f500b915421a8fe3 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 1.2.3.126 port 1024, id=29, length=253 User-Name = "joe" NAS-IP-Address = 1.2.3.126 NAS-Identifier = "00:08:da:57:3f:63" NAS-Port = 0 Called-Station-Id = "00-08-DA-57-3F-61:" Calling-Station-Id = "00-1A-4B-61-9C-C8" Framed-MTU = 1400 NAS-Port-Type = Ethernet Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100500d800000004616030100410100003d03014829bb9f9cfe85aa6ac13f1df8fff02e7c2ce116dcee5d0847a173bddd4fab7d00001600040005000a000900640062000300060013001200630100 State = 0xbbdf20d6bbde2d9285f320de1e094fc7 Message-Authenticator = 0xcfd61b81787d9db0dbc4487e94abba8d +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06f6], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 008b], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 29 to 1.2.3.126 port 1024 EAP-Message = 0x010204000dc0000007... EAP-Message = 0x83300d06092a864886f70d01 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbbdf20d6badd2d9285f320de1e094fc7 Finished request 5. Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 1.2.3.126 port 1024, id=30, length=179 User-Name = "joe" NAS-IP-Address = 1.2.3.126 NAS-Identifier = "00:08:da:57:3f:63" NAS-Port = 0 Called-Station-Id = "00-08-DA-57-3F-61:" Calling-Station-Id = "00-1A-4B-61-9C-C8" Framed-MTU = 1400 NAS-Port-Type = Ethernet Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200060d00 State = 0xbbdf20d6badd2d9285f320de1e094fc7 Message-Authenticator = 0x199602f63d262136de69a50907a837a2 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "joe", looking up r rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP c ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 30 to 1.2.3.126 port 1024 EAP-Message = 0x010303ee0d80000007... Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbbdf20d6b9dc2d9285f320de1e094fc7 Finished request 6. Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 1.2.3.126 port 1024, id=31, length=179 User-Name = "joe" NAS-IP-Address = 1.2.3.126 NAS-Identifier = "00:08:da:57:3f:63" NAS-Port = 0 Called-Station-Id = "00-08-DA-57-3F-61:" Calling-Station-Id = "00-1A-4B-61-9C-C8" Framed-MTU = 1400 NAS-Port-Type = Ethernet Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300060d00 State = 0xbbdf20d6b9dc2d9285f320de1e094fc7 Message-Authenticator = 0xd5780baba7af2999a85f8234b3c06fc5 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "joe", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type etc...