Working With EAP-TTLS, and LDAP

Alan DeKok aland at
Thu Mar 7 15:38:09 CET 2019

> On Mar 7, 2019, at 9:06 AM, Nate . <nate2077developer at> wrote:
> Good Evening,
>    I have been working on building a new FreeRadius 3.0.16 server on
> Ubuntu. Our goal was to mimic our current setup, but instead of using the
> old server which is mashed together with some other applications that no
> longer function, devote one to this.
>    I have followed the instructions on many sites on how to enable the
> proper modules and configure LDAP accordingly

  That's a problem.  99% of those sites give bad advice.

> (Our LDAP is acutally
> and we have successfully ran a radtest authentication
> against the LDAP settings, and it is Accepted. Great right? Well, then we
> attempted to enable EAP-TTLS, nothing seemed to work properly, and we found
> many different ways people were doing this. While researching a solution
> I've already configured all of our certificates.

  It's 2019.  The server comes with *tons* of documentation on how to do things.  The comments in the configuration files tell you what to do, and what everything means.

> So the last part we need
> to understand is the reason why we are getting "ERROR: No Auth-Type found:
> rejecting the user via Post-Auth-Type = Reject"
> I'm new to this kind of mailing list system, so please bear with me. I'm
> attaching the output log of our servers startup, and the connection log of
> my computer attempting over our wireless controller.

  You edited the default configuration and broke it.  Don't do that.

  Throw away everything you did, except maybe the certificates, and the LDAP module configuration.  Start over with the default configuration.

  Make sure that the authentication works with "radtest".  If it does, then read sites-enabled/inner-tunnel.  Run radtest against the inner tunnel, following the instructions there.

  If radtest works for the inner tunnel, then EAP-TTLS should work.

  If radtest doesn't work for the inner tunnel, then post that debug output here.

  Alan DeKok.

More information about the Freeradius-Users mailing list