LinuxQuestions.org - WPA-Radius Authentication help!

Hi Everybody,

Here recently I am trying to setup Wireless Access by implement freeradius with EAP-TLS & WPA Authentication and I have problem that unable to solve it alone.

Internet --- DNS/DHCP (192.168.0.10) --- AP (B: 192.168.0.20, Wifi: 192.168.1.20)--- Client (IP: ??)

Here what I do:
The Access Point setting as Router (point to multiple point purpose)
with the follwing option
Brigde ip 192.168.0.20
Wireless ip 192.168.1.20
DHCP (IP: ?? )

I copied root.der and cert-clt.p12 and installed in Windows XP.
Everything was fine until I tryto connect from Windows XP and
I get an error saying "Authentication failed" then "Acquire network address".

before that I tested it with WEP and it's connected. (Bridge Setting)

Here the radiusd output :

rad_recv: Access-Request packet from host 192.168.0.20:1024, id=170, length=249
User-Name = "peter"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "XX:30:22:XX:03:BB"
Calling-Station-Id = "CC:XX:ff:DD:56:b8"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x78c828f00dc222fab412c067b27025a9
EAP-Message = 0x020200500d800000004616030100410100003d030147f24bcbf6acde6392b867bd1824a7cfc1b57103e7d7d92961b204fe b9d8aace00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xbfb15cecf2c0c6483a3d651bc9bd9591
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 84
modcall[authorize]: module "preprocess" returns ok for request 84
modcall[authorize]: module "chap" returns noop for request 84
modcall[authorize]: module "mschap" returns noop for request 84
rlm_realm: No '@' in User-Name = "mars1.marsindo.com", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 84
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 84
users: Matched entry mars1.marsindo.com at line 95
modcall[authorize]: module "files" returns ok for request 84
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 84
modcall: leaving group authorize (returns updated) for request 84
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 84
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00b1], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 84
modcall: leaving group authenticate (returns handled) for request 84
Sending Access-Challenge of id 170 to 192.168.0.20 port 1024
Reply-Message = " Hello, %u"
EAP-Message = 0x0103040a0dc00000079e160301004a02000046030147f24bc49042dba67ba6257cff166a51c38727347aee83ea71fca24f e79b2385203b528098e9a8458f2225da4fe331e907c3c0be1d290bb89d98b3595dad77691600040016030106940b00069000 068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b300906035504061302 43413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a 130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e 74206365
EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d30 34303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f060355 0408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a 6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f7420636572746966696361 7465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d0101 01050003
EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7 ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d3 4920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a31730153013 0603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178 ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c 07e80d09
EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43 850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f 310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369 747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906 035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578 616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x88e551f3c3a0f971ce473415504e06ad
Finished request 84
Going to the next request

Please anyone can help!