Hi All,

I installed freeRADIUS 1.0.5 recently, and configured the server as described in the documentation files. I configured it (freeRADIUS) to accept incoming authentication requests from a WLAN AP (10.128.253.122). (Thanks to everyone who helped me throughout.)

Then, using OpenSSL, I created Server and Client Certificates to work with EAP/TLS. I also configured a user (Windows XP) to connect to the network through the AP.

When I am trying to connect to the network, the AP sends the access-request to the freeRADIUS server and the output of 'radiusd -X' is as follows.

<
rad_recv: Access-Request packet from host 10.128.253.122:2049, id=0, length=145
        User-Name = "rajith-office"
        NAS-IP-Address = 10.128.253.122
        Called-Station-Id = "001310e7f2a3"
        Calling-Station-Id = "00121764a573"
        NAS-Identifier = "001310e7f2a3"
        NAS-Port = 50
        Framed-MTU = 1400
        State = 0x814918fda1642f41b8a502c6a199d9dc
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020200060d00
        Message-Authenticator = 0x6f24ef63df0ac05fc0eea5bae2c6db30
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 23
  modcall[authorize]: module "preprocess" returns ok for request 23
  modcall[authorize]: module "chap" returns noop for request 23
  modcall[authorize]: module "mschap" returns noop for request 23
    rlm_realm: No '@' in User-Name = "rajith-office", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 23
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 23
    users: Matched rajith-office at 156
  modcall[authorize]: module "files" returns ok for request 23
modcall: group authorize returns updated for request 23
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 23
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  rlm_eap_tls: Received EAP-TLS ACK message
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 23
modcall: group authenticate returns ok for request 23
Sending Access-Accept of id 0 to 10.128.253.122:2049
        MS-MPPE-Recv-Key = 0x2360910dc1d2c0525aabfbe09a803b23d3b36957a3d2751fea8e6cadd83a2001
        MS-MPPE-Send-Key = 0x634f3a8d4247469db34585005a67c4d46689d6047fbd70296dd9a2ea35d8e35e
        EAP-Message = 0x03020004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "rajith-office"
Finished request 23
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 23 ID 0 with timestamp 438ffb3c
Nothing to do.  Sleeping until we see a request.
>

As it says, it sends the access-accept message to the AP. When I observed the output of tcpdump, I get the following.

<
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:06:25.021464 IP (tos 0x0, ttl 64, id 1077, offset 0, flags [DF], length: 167) 10.128.253.122.nfs > rajith-office.radius: RADIUS, length: 139
        Access Request (1), id: 0x00, Authenticator: a1e2e07e2e18f7e9342ef7ebd2b20529
          Username Attribute (1), length: 15, Value: rajith-office
            0x0000: 7261 6a69 7468 2d6f 6666 6963 65
          NAS IP Address Attribute (4), length: 6, Value: 10.128.253.122
            0x0000: 0a80 fd7a
          [|radius]
14:06:25.023671 IP (tos 0x0, ttl 64, id 24, offset 0, flags [DF], length: 92) rajith-office.radius > 10.128.253.122.nfs: RADIUS, length: 64
        Access Challenge (11), id: 0x00, Authenticator: e7e0b48c8f87df181cca4aed4bb2f4ab
          EAP Message Attribute (79), length: 8, Value: ..
            0x0000: 0101 0006 0d20
          Message Authentication Attribute (80), length: 18, Value: . ..q*....X.....
            0x0000: 8820 1ebc 712a 1b84 c4b2 58bf 96bd f3ef
          [|radius]
14:06:25.247782 IP (tos 0x0, ttl 64, id 1078, offset 0, flags [DF], length: 247) 10.128.253.122.nfs > rajith-office.radius: RADIUS, length: 219
        Access Request (1), id: 0x00, Authenticator: f6feb52cb3ffb9e92651be66e9ab549e
          Username Attribute (1), length: 15, Value: rajith-office
            0x0000: 7261 6a69 7468 2d6f 6666 6963 65
          NAS IP Address Attribute (4), length: 6, Value: 10.128.253.122
            0x0000: 0a80 fd7a
          [|radius]
14:06:25.250218 IP (tos 0x0, ttl 64, id 25, offset 0, flags [DF], length: 919) rajith-office.radius > 10.128.253.122.nfs: RADIUS, length: 891
        Access Challenge (11), id: 0x00, Authenticator: 218ca3fafe6f1c3b007d5ae8b7cdd40a
          [|radius]
14:06:25.274389 IP (tos 0x0, ttl 64, id 1079, offset 0, flags [DF], length: 173) 10.128.253.122.nfs > rajith-office.radius: RADIUS, length: 145
        Access Request (1), id: 0x00, Authenticator: e26c1b74318e971004e1fac2c3b5b1ea
          Username Attribute (1), length: 15, Value: rajith-office
            0x0000: 7261 6a69 7468 2d6f 6666 6963 65
          NAS IP Address Attribute (4), length: 6, Value: 10.128.253.122
            0x0000: 0a80 fd7a
          [|radius]
14:06:25.275289 IP (tos 0x0, ttl 64, id 26, offset 0, flags [DF], length: 203) rajith-office.radius > 10.128.253.122.nfs: RADIUS, length: 175
        Access Accept (2), id: 0x00, Authenticator: 4af05501f464f4080afcce604e2c5f24
          [|radius]
>

But, the problem is, the user machine (the one that is running Windows XP) does not connect to the network. It again asks for the 'User Credentials'.

Does anyone know where the problem lies?

Thanking You.

--------------------------------------------------------------------------------
Madhuraka Godahewa
Telecommunications Engineer
Research and Development Unit
Electroteks Global Networks (Pvt.) Ltd.
Mobile: + 94-777-647055

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
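
Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the EAP-Message values that appear in the radiusd -X and tcpdump output above, to show which EAP step each RADIUS packet carries. The function name decode_eap and the output field names are assumptions of this example; the flag bits (L, M, S) follow the EAP-TLS packet layout in RFC 5216.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13  # EAP-TLS method type
# EAP-TLS flag bits: Length included, More fragments, Start
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))


def decode_eap(hex_value):
    """Decode one EAP packet given as hex (0x prefix and spaces allowed)."""
    text = hex_value.replace(" ", "")
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    out = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    body = raw[4:length]
    if code in (1, 2) and body:  # only Request/Response carry a Type byte
        out["type"] = body[0]
        if body[0] == EAP_TYPE_TLS and len(body) >= 2:
            flags = body[1]
            out["tls_flags"] = "".join(n for bit, n in TLS_FLAGS if flags & bit)
            tls_data = body[2:]
            if flags & 0x80:  # a 4-byte TLS message length precedes the data
                tls_data = tls_data[4:]
            out["tls_data_len"] = len(tls_data)
            # No flags and no TLS data: a fragment acknowledgement
            out["tls_ack"] = flags == 0 and not tls_data
    return out


# Values copied from the radiusd -X and tcpdump output in the post
SAMPLES = {
    "Access-Challenge (tcpdump)": "0101 0006 0d20",
    "Access-Request, request 23": "0x020200060d00",
    "Access-Accept, request 23": "0x03020004",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label}: {decode_eap(value)}")
```

The decoded Access-Request matches the "Received EAP-TLS ACK message" line in the debug output, and the Access-Accept carries EAP Success with the same identifier (2).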