Cisco EAP/TLS not working
Robert Myers
ccrider at whiterose.net
Wed Feb 22 22:57:50 CET 2006
I'm having a problem with my Cisco 2950 and EAP/TLS...I've already
configured this to work on my HP 5300, so I'd assume that everything on
the freeradius end is proper...
However I am receiving this from the debug log:

rad_recv: Access-Request packet from host 192.168.2.161:1812, id=9, length=116
    NAS-IP-Address = 192.168.2.161
    NAS-Port = 50012
    NAS-Port-Type = Ethernet
    User-Name = "client"
    Called-Station-Id = "00-09-7C-3E-92-0C"
    Calling-Station-Id = "00-11-11-64-A1-E6"
    Service-Type = Framed-User
    Framed-MTU = 1500
    EAP-Message = 0x
    Message-Authenticator = 0x21afff7782222d4fa2ead6e802a75517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "client", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: Got EAP_START message
modcall[authorize]: module "eap" returns handled for request 0
modcall: group authorize returns handled for request 0
Sending Access-Challenge of id 9 to 192.168.2.161:1812
    EAP-Message = 0x0101000501
    Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 9 with timestamp 43fc4990
Nothing to do. Sleeping until we see a request.

Then this from the switch:

000043: *Mar 1 01:16:24: %DOT1X-5-ERR_INVALID_AAA_ATTR: Got invalid AAA attribute settings from RADIUS server

My question is, for anyone who has set this up, what must I do in the
Cisco world to make this work?
-Bob
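
Added example, not part of the original post: a small decoder for the EAP-Message values in the debug log above, using the EAP header layout from RFC 3748. It shows that the empty value from the switch is an EAP-Start and that the server's reply is an EAP-Request/Identity. The function names are hypothetical and the sample lines are copied from the log in the post.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# Sample lines copied from the debug log in the post above.
SAMPLE_LOG = """\
EAP-Message = 0x
Sending Access-Challenge of id 9 to 192.168.2.161:1812
EAP-Message = 0x0101000501
Message-Authenticator = 0x00000000000000000000000000000000
"""

def decode_eap(hex_value):
    """Decode one EAP-Message value (the hex digits after '0x').

    Assumes the whole EAP packet sits in a single attribute; a packet
    split across several EAP-Message attributes must be joined first.
    """
    raw = bytes.fromhex(hex_value)
    if not raw:
        # RFC 3579: an empty EAP-Message from the NAS signals EAP-Start.
        return {"kind": "EAP-Start"}
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"kind": EAP_CODES.get(code, f"code-{code}"), "id": ident, "length": length}
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        pkt["type"] = EAP_TYPES.get(raw[4], f"type-{raw[4]}")
        pkt["data"] = raw[5:].hex()
    return pkt

def decode_log(text):
    """Find every EAP-Message attribute in debug output and decode it."""
    return [decode_eap(m.group(1))
            for m in re.finditer(r"EAP-Message\s*=\s*0x([0-9a-fA-F]*)", text)]

if __name__ == "__main__":
    for pkt in decode_log(SAMPLE_LOG):
        print(pkt)
```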