Good day all. We currently have a wpapsk wifi managed by ubiquiti unif-fi. i'm in the process of trying to move this over to a WPA2-Enterprise setup using kerberos as authentication. I used Alans the guide on http://deployingradius.com/ to get PAP and EAP working with my current certs using a local user. Next I used the Edoroam freeradius for auth against kerberos guide on https://www.eduroam.us/node/90 to setup kerberos authentication. Now this is where things go south. With a test user in users, EAP is working fine. I can auth using ./rad_eap_test -H localhost -S testing123 -u kerberos-test -p secret -P 1812 -e PEAP -m WPA-EAP However if I remove the local user and add "DEFAULT Auth-Type = Kerberos" it stops working. When I then test without EAP, using radtest kerberos-test secret localhost 0 testing123 It's working. So I can get EAP working with local users, and kerberos without EAP. What am I missing or not getting about getting them to work together to allow users to log into the wireless with existing user/pass but encrypted ? Regards Henti -- --