Freeradius2 and OSX clients no TLS

Guy guy at
Sun Mar 6 17:31:54 CET 2011

On 6 Mar 2011, at 13:03, Phil Mayers wrote:

> On 03/05/2011 04:46 PM, Guy wrote:
>> Hi,
>> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA
>> Enterprise 2, and I have it basically working.  my iPhone/iPad are
>> able to authenticate and connect via the base station.  However my
>> Mac (OSX 10.6 Snow leopard) Laptops are having issues.
>> I do not want to push out Client certificates to the laptops. I also
>> do not want people to have to perform any customisations on the
>> clients.
>> When the laptop attempts to join the network I get a nice login
>> window, with username/password. This is fine.  However without
>> playing with the network settings (802.1x settings).  I'm not able to
>> join the network because I do not have a client Cert:
> EAP-TLS *requires* a client cert. If you want to use EAP-TLS, you will have to do something on the clients.
> If you want to use PEAP or something, there are two things to consider - the default eap type in eap.conf:
> eap {
>  default_eap_type = peap
>  ...
> }
> ...and the default EAP type on MacOS.
> PEAP & TTLS require the "tls" EAP type to be configured I think; I'm not sure you can disable EAP-TLS, as this will break PEAP & TTLS. The best you can do is change the default types.
> If changing it on the server doesn't accomplish it, then I think you're going to have to do some config on the clients.
> -
> List info/subscribe/unsubscribe? See

Yup that was it...

I changed "default_eap_type=md5" to  "default_eap_type=ttls" and now the Macs are able to authenticate without Certs or any configuration on their side!!


More information about the Freeradius-Users mailing list