Hi I have freeradius and Active Directory. I have configured the eap module In /etc/freeradius/mods-enabled/eap eap { default_eap_type = ttls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = ${max_requests} tls-config tls-common { private_key_file = /etc/freeradius/certs/ssl-cert-snakeoil.key certificate_file = /etc/freeradius/certs/ssl-cert-snakeoil.pem ca_file = /etc/freeradius/certs/ca-certificates.crt dh_file = ${certdir}/dh ca_path = ${cadir} cipher_list = "HIGH" cipher_server_preference = no disable_tlsv1_2 = no disable_tlsv1_1 = no disable_tlsv1 = no tls_min_version = "1.0" tls_max_version = "1.2" ecdh_curve = "prime256v1" } tls { tls = tls-common } } In /etc/freeradius/sites-enabled/default authorize { filter_username preprocess mschap suffix eap { ok = return } files ldap if ((ok || updated) && User-Password) { update { control:Auth-Type := ldap } } pap expiration logintime } authenticate { Auth-Type LDAP { ldap } Auth-Type eap { eap } pap } preacct { preprocess acct_unique suffix files } accounting { detail unix exec attr_filter.accounting_response } post-auth { update { &reply: += &session-state: } exec } post-proxy { eap } In /etc/freeradius/sites-enabled/inner-tunnel server inner-tunnel { authorize { filter_username filter_inner_identity pap suffix update control { &Proxy-To-Realm := LOCAL } if ((ok || updated) && User-Password) { update { control:Auth-Type := ldap } } files ldap expiration logintime } authenticate { Auth-Type eap { eap } } Auth-Type PAP { pap } ldap post-auth { if (0) { update reply { User-Name !* ANY Message-Authenticator !* ANY EAP-Message !* ANY Proxy-State !* ANY MS-MPPE-Encryption-Types !* ANY MS-MPPE-Encryption-Policy !* ANY MS-MPPE-Send-Key !* ANY MS-MPPE-Recv-Key !* ANY } update { &outer.session-state: += &reply: } } Post-Auth-Type REJECT { attr_filter.access_reject update outer.session-state { &Module-Failure-Message := &request:Module-Failure-Message } } } post-proxy { eap } } Added ca to trusted root certificates and configured the ttls/pap client on windows. But the freeradius LDAP module is not accessed freeradius -x in the attachment I will accept any ideas with gratitude )