Trying to do EAP-TTLS-PAP with CRYPT passwd in LDAP.. The tunelling seems fine.. but up to comparing the password it will failed. Refer below logs & config Some says (http://felipe-alfaro.org/blog/category/radius/) PAP is tunneled inside EAP-TTLS through EAP-GTC... Tried that as well.. still same error.. gtc { auth_type = PAP [even trying to change to LDAP/OCE - still same error) } Error ==== auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [jaroce2@ocemy015.com] (from client localhost port 0) TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 9 modcall: leaving group authenticate (returns invalid) for request 9 auth: Failed to validate the user. Login incorrect: [jaroce2@ocemy015.com] (from client OCE_JARING port 241 cli 00-11-5b-2d-b2-8e) With setting:- a) radiusd.conf ldapOCE { --some setting } authorize { eap Autz-Type OCE { ldapOCE } } authenticate { Auth-Type OCE { ldapOCE } eap } b) eap.conf eap { default_eap_type = ttls tls { --some setting } ttls { default_eap_type = md5 } c) users:- DEFAULT Realm == "my015.com", Autz-Type := OCE