Hello! I am trying to configure FreeRADIUS to authenticate users on a guest SSID with Aruba's Instant virtual controller captive portal. The FreeRADIUS server is currently configured only to perform an EAP-TTLS/GTC 802.1X authentication for supplicants on the Aruba IAPs (as client) using a LDAPS lookup. What I have found comparing debug outputs from successful 802.1X binds with unsuccessful captive portal client requests is that the Aruba Instant controller does not specify an EAP type (EAP-message attribute) in the request; credentials are sent in plaintext. The server immediately rejects the bind because no other auth method than EAP-TTLS is configured. The Aruba Instant apparently cannot be configured to encrypt the captive portal request. My thought is that if I configured a secondary non-EAP authorization method, the FreeRADIUS could use it to process the captive portal requests. What auth method could work? How can I secure this so that FreeRADIUS only uses it for the captive portal requests? Thanks, Evan