Thanks John for the reply. can I use EAP-TLS method of authentication with LDAP as backend datastore to check usernames and passwords. It would be like I bind to RADIUS server with EAP-TLS method using certificate and check usernames and passwords from LDAP server if yes on EAP-TLS can you please tell me how to configure EAP-TLS with LDAP as backend datastore. Basically I want to avoid harcoded usernames and passwords in raddb of RADIUS server for authenticating users which I am doing currently . ldap { server = "localhost" # identity = "cn=admin,o=My Org,c=UA" identity = "uid=admin,ou=CamUsers,dc=vmbox,dc=int" password = admin basedn = "ou=CamUsers,dc=vmbox,dc=int" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" # base_filter = "(objectclass=radiusprofile)" # set this to 'yes' to use TLS encrypted connections # to the LDAP database by using the StartTLS extended # operation. # The StartTLS operation is supposed to be used with normal # ldap connections instead of using ldaps (port 689) connections start_tls = yes # tls_cacertfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem # tls_cacertdir = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts # tls_certfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem # tls_keyfile = C:/FreeRADIUS.net/etc/raddb/certs/FreeRADIUS.net/DemoCerts/admin.pem # tls_randfile = /path/to/rnd tls_require_cert = "allow" Waiting for your inputs Thanks and Regards, Pramod