Working With EAP-TTLS, and LDAP

Alan Buxey alan.buxey at gmail.com
Tue Mar 26 19:48:46 CET 2019


hi,

> I think I understand it better now, I've made those changes, and connecting
> an android phone with the required security preferences is working! Now I'm
> struggling to get an Apple desktop to let me choose what protocols to use,
> so I'm working on figuring out why that is now. I've already been contacted
> one on one by 8 other people asking for this exact same setup,
> mac/windows/android environment, with Freeradius using LDAP to authenticate
> via Google's Applet.

OSX used to be really good for 802.1X networks. Then Apple chose to mess
with the UI and preferences and did away with the ability to choose what
methods to use etc. At least they added cert/CA checking to Lion, but since
then it's gone downhill. The only option is to use a deployment profile to
configure the relevant and correct settings. There are commercial tools and
free tools (including Apple's own configurator) - then create a profile that
you can then just click on to install.

With regard to the other platforms... at least it's 2019 now - and Windows
has come along enough that it supports EAP-TTLS/PAP now. Your mileage will
vary for other platforms.

To be honest, I would say use another mechanism - e.g. EAP-TLS (pure
client/server certs) - use the LDAP as your authorization system for a
simple web front end that generates and provides the user with their
cert/profile.

alan
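
A sketch of the deployment-profile approach mentioned in the reply above, as an added example that is not part of the original post: it builds a .mobileconfig that limits one SSID to EAP-TTLS with PAP as the inner method and pins the RADIUS server's CA and name, since PAP hands the password to whatever server terminates the tunnel. The function name, SSID, server name, identifier and CA bytes are constructed placeholders; the payload keys are Apple's Wi-Fi and root-certificate profile keys.

```python
import plistlib
import uuid

EAP_TYPE_TTLS = 21  # IANA EAP method type number for EAP-TTLS


def build_ttls_pap_profile(ssid, radius_names, ca_der, org_id):
    """Return .mobileconfig bytes (XML plist) for one EAP-TTLS/PAP SSID."""
    # Refuse to emit a profile that lets the client trust any server:
    # with PAP the cleartext password goes to whoever ends the TLS tunnel.
    if not radius_names or not ca_der:
        raise ValueError("RADIUS server name(s) and CA certificate are required")
    ca_uuid = str(uuid.uuid4()).upper()
    ca_payload = {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".radius-ca",
        "PayloadUUID": ca_uuid,
        "PayloadDisplayName": "RADIUS server CA",
        "PayloadContent": ca_der,  # DER bytes, written as <data>
    }
    wifi_payload = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".wifi",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Wi-Fi (" + ssid + ")",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [EAP_TYPE_TTLS],
            "TTLSInnerAuthentication": "PAP",
            "TLSTrustedServerNames": list(radius_names),
            "PayloadCertificateAnchorUUID": [ca_uuid],
            # No UserName/UserPassword: the user is prompted when joining.
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": ssid + " 802.1X",
        "PayloadContent": [ca_payload, wifi_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)
```

Write the returned bytes to a file ending in `.mobileconfig`, passing the real DER-encoded CA certificate that issued the RADIUS server certificate.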

