OpenLDAP and FreeRadius Auth

Alex Gregory alex at
Tue Aug 12 22:19:53 CEST 2014

For those interested; it looks like you have to install the iPhone configuration utility and create a profile.  Push that to the host and then it will authenticate.

On Aug 12, 2014, at 1:58 AM, Herwin Weststrate <herwin at> wrote:

>>> The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
>>> You edited the "inner-tunnel" virtual server, and deleted "mschap" from
>>> it.  Put it back.
>> I did have that in there but removed it trying to force it. I will
>> change it back and play with it again tomorrow.
> That still won't work, since the passwords are only available as MD5
> hashes, which are incompatible with MSCHAPv2 (there is a nice overview
> on
> You have to change the settings of the client to use PAP as inner
> authentication protocol instead of MSCHAPv2.
> -- 
> Herwin Weststrate
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list