It seems to be not a particular question, but... client - winxp wireless, ap - AIR-AP1131AG-E-K9, server 1.1.6. fresh install. certificates generated according to CA.all (with xp-extension and conversion to pkcs12)
eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { private_key_password = xxxxx private_key_file = ${raddbdir}/certs/merlin-crt.pem certificate_file = ${raddbdir}/certs/merlin-crt.pem CA_file = ${raddbdir}/certs/cacert.pem dh_key_length = 1024 dh_file = ${raddbdir}/certs/dh random_file = /dev/urandom } peap { default_eap_type = mschapv2 } mschapv2 { } } Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 224 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate TLS Alert read:fatal:bad certificate TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 224 modcall: leaving group authenticate (returns reject) for request 224 auth: Failed to validate the user. -- Olimp, System Administrator IT Dept. Fax. +380(62)381-3428 Tel. +380(62)381-3978-5 ---- Looking forward to reading yours. RUFF-RIPE DI76-GANDI RUFF-6BONE Ruslan N. Marchenko - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html