Happy to say that I finally got all the parts of the WiFi RADIUS authentication working on my home network this evening, a little after midnight. As of this writing, my two Windows XP laptops now connect automatically... now I just have to figure out how to set it up on my Debian laptop. (I don't have any of the fancy-schmancy GUI utilities on it, so I tweak the network settings by hand in the config files). Also have to figure out how to add a certificate to the laptop. But enough learning for today... once everything is taken care of, I'll post a step-by-step summary of what has to happen in order to get it all working right, with client info for both XP and linux.Final "D'oh!" moment was spending some time staring at the log files for both my AP and RADIUS server when I was attempting to authenticate. The AP indicated that it was forwarding EAP-TLS requests to the server, but the server didn't seem to be doing anything. This was highly frustrating to me; I was preparing to blame it on a cheap foreign-made router, when I discovered something.I had put the wrong IP address into the "RADIUS Server" field.Heh.Turns out that using the *CORRECT* IP address for the RADIUS server makes all the difference. You may want to write that down somewhere so you don't forget it.