I finally managed to set up very basic EAP-PEAP and EAP-TTLS MSCHAP2 authentication in a Freeradius + Mikrotik MT network (users and their passwords in cleartext in text file), with a Let's Encrypt certificate in the eap{tls-config tls-common {}} section). Connecting from a Linux NTB and Android (v9 and v11) phone is without problems for both TTLS and PEAP, in the WiFi network settings I can choose a whole range of parameters (EAP method, phase 2 authentication method, certificate selection, CRL usage, domain, identity and anonymous identity,...). And now I tried connecting an iOS (v15) tablet - and this device only requires a username and password. Then it asks if the user trusts Let's Encrypt certificate (which it says is untrusted), and then it connects to the network without any problems. Please excuse the possibly stupid questions, but I have no experience with Apple iOS devices at all - so I would like to ask for an explanation - is this normal with iOS? : - that you can't set basically any WiFi network parameters (after connecting, you can set automatic connection to the network, and randomization of the MAC address - but that's probably all) - when I used a certificate generated by the resources in raddb/certs/ instead of the Lets Encrypt certificate, both Linux and Android clients connected to the network, but the iOS tablet ended up with the error aka "Cannot connect to this network." - is that why? - why does marks the Let's Encrypt certificate as untrustworthy? -- Thanks again, Franta Hanzlik