OpenLDAP+FreeRadius Encryption

Greg Mischel Smith gregms at
Wed Feb 3 18:31:36 CET 2016

On Wed, Feb 3, 2016 at 3:40 AM, Stefan Paetow <Stefan.Paetow at> wrote:
> Sorry, this might be a stupid question... Do you have any specific options
> in TTLS to set an inner auth method? If so, what precludes you from using
> EAP-TTLS (since that's supported by both the Android and Mac/iOS operating
> systems)?
Honestly, I haven't looked much at EAP-TTLS yet, but am starting to.
If I understand correctly, this tends to be more certificate based
authentication. We have a lot of personal cell phones. My presumption
would be that we would have to load certificates onto these devices,
is that correct? If that will get us around our problem, I'm open to
that, but prefer not due to complexity.  I'm just starting to look for
documentations suggesting how to do this. It would be going through a
Cisco WLC. I'm seeing EAP-TLS option on the WLC, but nothing specific
with EAP-TTLS.

And in all honesty, if freeradius isn't the best solution for what
we're trying to do, if we need to purchase something like Cisco ACS,
that would be on the table, I just know having OpenLDAP with plaintext
passwords just isn't an option (even with ACL's on them).

More information about the Freeradius-Users mailing list