I really appreciate your help but i can't understand some things. okey, let me ask some questions based on your very first answer. So suplicant sending some wrong packet. or something wrong withs it certificate? AP configured to use EAP-TLS and "passthrough" all eap requests to my freeradius. Client has it's client certificate. i've generated 3 certificates with OpenSSL: cacert.pem server-keycert.pem and client-keycert.pem (with xpextensions, but this is optional for xp clients). ca and server certs seems to be working coz TTLS is working fine.
> The supplicant is broken. It's sending an EAP-Identity field with no > data: where "EAP-Identity field" is generated? what have i to check ? Other question, should this lines be uncommented: check_cert_issuer = "/C=ZZ/ST=Yyyyy/L=yyyyy/O=Xxx" or check_cert_cn = %{User-Name} or those are optional and by default some other fields are used for authentication? also. what should i insert in user.conf (in daloRADIUS db in my case)... which user or password should be used. Or TLS is not used with database and i can't track WiFi link users with EAP-TLS through db and daloRADIUS? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html