Freeradius2 and OSX clients no TLS

Phil Mayers p.mayers at
Sun Mar 6 14:03:13 CET 2011

On 03/05/2011 04:46 PM, Guy wrote:
> Hi,
> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA
> Enterprise 2, and I have it basically working.  my iPhone/iPad are
> able to authenticate and connect via the base station.  However my
> Mac (OSX 10.6 Snow leopard) Laptops are having issues.
> I do not want to push out Client certificates to the laptops. I also
> do not want people to have to perform any customisations on the
> clients.
> When the laptop attempts to join the network I get a nice login
> window, with username/password. This is fine.  However without
> playing with the network settings (802.1x settings).  I'm not able to
> join the network because I do not have a client Cert:

EAP-TLS *requires* a client cert. If you want to use EAP-TLS, you will 
have to do something on the clients.

If you want to use PEAP or something, there are two things to consider - 
the default eap type in eap.conf:

eap {
   default_eap_type = peap

...and the default EAP type on MacOS.

PEAP & TTLS require the "tls" EAP type to be configured I think; I'm not 
sure you can disable EAP-TLS, as this will break PEAP & TTLS. The best 
you can do is change the default types.

If changing it on the server doesn't accomplish it, then I think you're 
going to have to do some config on the clients.

More information about the Freeradius-Users mailing list