On Wed, Feb 3, 2016 at 3:40 AM, Stefan Paetow <Stefan.Paetow@jisc.ac.uk> wrote:
Sorry, this might be a stupid question... Do you have any specific options in TTLS to set an inner auth method? If so, what precludes you from using EAP-TTLS (since that's supported by both the Android and Mac/iOS operating systems)?
Honestly, I haven't looked much at EAP-TTLS yet, but am starting to. If I understand correctly, this tends to be more certificate based authentication. We have a lot of personal cell phones. My presumption would be that we would have to load certificates onto these devices, is that correct? If that will get us around our problem, I'm open to that, but prefer not due to complexity. I'm just starting to look for documentations suggesting how to do this. It would be going through a Cisco WLC. I'm seeing EAP-TLS option on the WLC, but nothing specific with EAP-TTLS. And in all honesty, if freeradius isn't the best solution for what we're trying to do, if we need to purchase something like Cisco ACS, that would be on the table, I just know having OpenLDAP with plaintext passwords just isn't an option (even with ACL's on them).