OpenLDAP+FreeRadius Encryption

Arran Cudbard-Bell a.cudbardb at
Tue Feb 2 15:51:16 CET 2016

> On Feb 1, 2016, at 11:22 PM, Anirudh Malhotra <8zero2ops at> wrote:
> Hi,
> I dont know if this is correct to do(arran or alan would comment on this), but if you change the default peap method to gtc rather than mschap both android and apple(keeping security as automatic) device work with gtc(ldap).

GTC in this case is the inner method.  You can't use GTC as an outer method because it doesn't produce keying material.

I believe there's an issue (Alan DeKok can confirm) in all released versions of FreeRADIUS that prevents a different EAP module being used for the inner tunnel.  If you use v3.0.x or v3.1.x HEAD you should be able to configure an inner-eap instance of the EAP module, and set GTC as the default.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list