Hey Guys,

I am running FreeRADIUS 3.0.3, OpenLDAP version 2.4.39. Both my openldap and freeradius servers are using start_tls. I have configured the freeradius server to use ldap and have verified that everything is working using `radiusd -XXX` and then `radtest username password localhost 18120 testing123`.

So here is my setup. I have a Ubiquiti Unifi Access Point that I am using WPA-Enterprise on. I have the Unifi AP pointing to the FreeRADIUS server and using the correct secret. And on my FreeRADIUS server, I have the Unifi AP setup as a client with the same secret.

When I connect to my Unifi AP from a wireless device, I select EAP-TTLS and PAP.

So here is my question: is this setup the norm? Is this secure enough? would you use a setup like this in a production environment,

I just want to make sure im not forgetting some loophole or something. I am also wanting to make sure traffic from the Freeradius server to the LDAP server cannot be "sniffed" and traffic from the freeradius server to the unifi AP cant be "sniffed". I've checked places like this post: http://freeradius.1045715.n5.nabble.com/How-secure-is-the-radius-encryption-td5615830.html

And it looks to me like my setup is setup correctly for what I am looking for.