I'm using the default config with the following changes in eap.conf: default_eap_type = tls
and the tls section excepted by check_crl and check_cert_cn out-commented. So I'm using the test certificates. EAP-Type: TLS freeRADIUS version 1.0.0 Verified with Windows 2000/XP 802.1x Authentication Client Generate a random certificate by hand with a other CA and be sure that the certificate size is bigger than the size of one fragment (see eap.conf or in debugging mode the MTU from the switch or ap). The following will happen: rad_recv: Access-Request rlm_eap_tls: Requiring client certificate Sending Access-Challenge rad_recv: Access-Request rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b1], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 Sending Access-Challenge rad_recv: Access-Request rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rad_recv: Access-Request rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message eaptls_verify returned 3 eaptls_process returned 3 Sending Access-Accept This is indeed a cutted debug log, because this log was filled with some private information. _____________________________________________________________ GRATIS LEUK EMAILADRES! http://www.apennootje.nl - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html