Hello there, I spend countless hours on this topic. The farthest i could get was this topic from 2008: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg49999.h... Freeradius version: 2.1.12 on debian Basically followed this guide: http://jitendrakumaryogi.blogspot.de/2013/10/step-by-step-free-radius-config... so ldap is configured in authorize section in default server and as authorize and authentication in inner-tunnel. I would like to use EAP-TTLS-PAP. The aim is to authorize via LDAP by binding anonymously and just looking up the uid, start an EAP-TTLS tunnel, tunnel the request to the inner-tunnel server and there use the clear password send by the supplicant in the following tunneled request to bind with the credentials against the LDAP server. If the bind is successfull the auth should be considered successfull. It works _if_ i provide a manager login to the ldap server so the ldap module can find the user and add a good password, **but if i delete those credentials it fails.** The whole process reaches the point where the authorize section in inner-tunnel is executed. It says: ..... [ldap] user pete authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. ...... So why is that? I set the set_auth_type in module/ldap to yes since what's described there is exactly the behaviour i'd like. Why it says that no authenticate method is set? What can i do that LDAP is doing the authentication at this point? Thanks in advance. I hope i delivered al Infrormation needed. JoVaRi