OpenLDAP and FreeRadius Auth

Alex Gregory alex at
Tue Aug 12 21:58:11 CEST 2014

It appears that Mac’s cannot do TTLS with MD5.  They have to do it with MS-CHAPv2:

I will continue to search to see if there is a way but I appreciate everyone steering me in the right direction.


On Aug 12, 2014, at 1:58 AM, Herwin Weststrate <herwin at> wrote:

>>> The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
>>> You edited the "inner-tunnel" virtual server, and deleted "mschap" from
>>> it.  Put it back.
>> I did have that in there but removed it trying to force it. I will
>> change it back and play with it again tomorrow.
> That still won't work, since the passwords are only available as MD5
> hashes, which are incompatible with MSCHAPv2 (there is a nice overview
> on
> You have to change the settings of the client to use PAP as inner
> authentication protocol instead of MSCHAPv2.
> -- 
> Herwin Weststrate
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list