Hi, I've got a solution currently in place that works beautifully authenticating users with certificates using EAP-TLS. Unfortunatley, I need to start catering for users who have, shall we say, "limited" endpoints that only support TTLS/MSCHAPv2 type authentication (things like Amazon Kindle Paperwhotsits" for example, have a limited implementation that you can't seem to stick certificates on without jailbreaking... and that ain't gonna happen). So, I'm a bit lost for ideas ? I'm not a freeradius guru either... and the config files I've had a quick peek at seem to suggest bad things will happen .... e.g. the following comment .... # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. Ideas most welcome ! Thanks Ben