hi, just to revisit this recent thread. Was at a site who were implementing 802.1X authentication and they noted the Blackberry issue - some devices okay, others not... the FreeRADIUS server was configured to have the WHOLE CA chain of certs (root, intermediate,server signer and server cert) in the certificate_file entry in eap.conf and all of the blackberries tested (os4 and os5 etc) then worked with 'check certificate' enabled. the devices had the root CA on them but if the other certs werent delivered from the server then the devices didnt want to authenticate - likely to be how the chain is handled by the device - especially as they were very fussy about what was in the CA store.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html