Hi I am sure this must be a commonly asked question, but after hours of searching I just can't seem to find the answer. I've spent hours trawling through google and searching the archives to no avail. I am sure I am missing something simple, but can't put my finger on it. There are several posts of similar topic but no answer (or answer that works).
In my case, I have freeradius installed to use EAP-TLS, Windows XPSP2 clients exclusively. The authentication works fine after logging on using a local account. I have the same certificates in both the local users certificate store and the computer account certificate store. The debug output for freeradius, when the computer is first switched on and before logging on, simply shows repeated Access-Request packets like the one below. It basically simply repeats. Can anyone shed any light at all, or point me in other directions to search? TIA Fil --Debug Output-- Cleaning up request 8 ID 2 with timestamp 45fa940f Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.1.50:1054, id=4, length=207 Message-Authenticator = 0xc45158cab736178c590d01cee92bc6cc Service-Type = Framed-User User-Name = "host/SACM0734" Framed-MTU = 1488 Called-Station-Id = "XXXXXXXXXXXXXXXXXXX" Calling-Station-Id = "XXXXXXXXXXXXXXXXX" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204001201686f73742f5341434d30373334 NAS-IP-Address = 192.168.1.50 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 rlm_realm: No '\' in User-Name = "host/SACM0734", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 9 rlm_eap: EAP packet type response id 4 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched host/SACM0734 at 66 modcall[authorize]: module "files" returns ok for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 9 modcall: group authenticate returns handled for request 9 Sending Access-Challenge of id 4 to 192.168.1.50:1054 EAP-Message = 0x010500060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfa4829561866ec99c1e1c3ace47e3f57 Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 4 with timestamp 45fa942d Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html