hi,
I think I understand it better now, I've made those changes, and connecting an android phone with the required security preferences is working! Now I'm struggling to get an Apple desktop to let me choose what protocols to use, so I'm working on figuring out why that is now. I've already been contacted one on one by 8 other people asking for this exact same setup, mac/windows/android environment, with Freeradius using LDAP to authenticate via Googles Applet.
OSX used to be really good for 802.1X networks. Then Apple chose to mess with the UI and preferences and did away with the ability to choose what methods to use etc. At least they added cert/CA checking to Lion but since then its gone downhill. the only option is to use a deployment profile to configure the relevant and correct settings. there are commercial tools and free tools (including Apples own configurator) - then create a profile that you can then just click on to install. With regards to the other platforms...at least its 2019 now - and Windows has come along enough that it supports EAP-TTLS/PAP now . your milage will vary for other platforms. to be honest, I would say use another mechanism - eg EAP-TLS (pure client/server certs) - use the LDAP as your authorization system for a simple web front end that generates and provides the user with their cert/profile alan