Freeradius authentication with SSL client certificates

Arran Cudbard-Bell a.cudbardb at
Mon Nov 26 18:04:39 CET 2018

> On Nov 26, 2018, at 3:06 PM, Tom Yard <tomyyard at> wrote:
> Hi people, I want to implement a Freeradius authentication scheme, using
> server and client SSL certificates: every client that requires WiFi access
> has to have a valid SSL certificate.
> I think I have to use:
> Authentication method: EAP-TLS
> Authentication protocol with NTLM: MSCHAP or MSCHAPv2
> My clients are Windows, Linux and maybe Android.
> Is my proposal correct?

EAP-TLS can't carry an inner method, so not really.  You can use EAP-TTLS with a client cert (so it behaves like EAP-TLS), and then run EAP-MSCHAPv2 as the inner method to do NTLM.
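
A configuration sketch of the setup described in the reply above, added here as an example and not part of the original post. It assumes FreeRADIUS 3.0.x file layout and directive names; the certificate file names and the ntlm_auth path are placeholders.

```conf
# mods-available/eap (assumed FreeRADIUS 3.0.x layout)
eap {
	# Offer EAP-TTLS as the outer method
	default_eap_type = ttls

	tls-config tls-common {
		# Server key and certificate presented to supplicants
		# (placeholder file names)
		private_key_file = ${certdir}/server.key
		certificate_file = ${certdir}/server.pem

		# CA that issued the client certificates; a client
		# certificate that does not chain to it is rejected
		ca_file = ${cadir}/ca.pem
	}

	ttls {
		tls = tls-common

		# Without this, EAP-TTLS only authenticates the server.
		# With it, the TLS handshake fails unless the client
		# presents a valid certificate, as EAP-TLS would require.
		require_client_cert = yes

		# Inner method carried inside the tunnel
		default_eap_type = mschapv2

		# Virtual server that processes the tunnelled request;
		# it must run the eap and mschap modules
		virtual_server = "inner-tunnel"
	}

	# EAP-MSCHAPv2 hands the challenge/response to the mschap module
	mschapv2 {
	}
}

# mods-available/mschap: pass the MS-CHAP exchange to Samba's
# ntlm_auth helper for the NTLM check (placeholder path)
mschap {
	ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```

With `require_client_cert = yes` a supplicant that has only a username and password never reaches the inner method, so a rejected handshake in the debug output points at the client certificate rather than at the NTLM credentials.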


More information about the Freeradius-Users mailing list