Mike, problem solved. > This means that your supplicant is deciding not to proceed with the > authentication for some reason. �You have to figure out why the > supplicant is refusing to complete the authentication. yep, you're right. What it didn't like was the Usage Attributes accompanying the cert. From the diff of the working and non-working cert file:
+ X509v3 Extended Key Usage: + TLS Web Server Authentication So now we officially know that our RADIUS server is a WWW Server 8-) -- and the supplicant happily continues to authenticate. BTW: In the code (peap.c) there's a FIXME suggesting to call ssl_get_error to see what has gone wrong -- might indeed be a good idea; if I got htis right, it should yield something like "BC"/"bad certificate" A certificate was corrupt, contained signatures that did not verify correctly, etc "UC"/"unsupported certificate" A certificate was of an unsupported type. Thanks again, Martin -- Dr. Martin Pauly Fax: 49-6421-28-26994 HRZ Univ. Marburg Phone: 49-6421-28-23527 Hans-Meerwein-Str. E-Mail: [EMAIL PROTECTED] D-35032 Marburg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
