Hi Everybody,

Here I have problem and would like to ask for help.
Recently I try to implement freeradius with EAP-TLS.
I copied root.der and cert-clt.p12 and installed into Windows Xp.
Everything was fine until I tried to connect from Windows Xp and
I got an error saying "Authentication failed" then "Acquire network address". I

before using "WPA - Radius", I test it with WEP and it's connected.

Appreciate if anyone can help me solve this.

well what's the radius server say about that attempt?

[QUOTE=acid_kewpie;3100851]well what's the radius server say about that attempt?

Thanks for response. Where can I check the server output?

Run the service in debug mode to see a lot of detail about what's going on:

radiusd -X

http://www.freeradius.org/radiusd/INSTALL

radiusd -X

Here the output

Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "peter", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 1 length 23
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 153

modcall[authorize]: module "files" returns ok for request 14
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.

modcall[authorize]: module "pap" returns noop for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 4 to 192.168.0.206 port 1024
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x10078c1f070f3b1fd82eab98a5dbdd37
Finished request 14
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 13 ID 3 with timestamp 47ee1d76
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 14 ID 4 with timestamp 47ee1d7b

1. Is it because the password hence it's not connected?
2. Where to set the password and user name? (for example above "peter" to "joe")
3. Should I run CA.all everytime got new user to generate root.der or cert-clt.p12 for each username?
4. Openssl pkcs12 or Openssl req -new -x509 is for what?