Trouble With Eap-TTLS - PAP - LDAP - Azure AD DS

Sven Hartge sven at
Fri Dec 11 21:23:59 CET 2020

On 11.12.20 20:06, Bryce Long wrote:

> I was just now reading from another post that I only really have 2 choices:
> I either have to store the passwords somewhere for mschap to work or I have
> to set the server to use ttls and pap?

First choice: Yes, the one with the most compatibility.

Second choice: Problematic. The Client drives the conversation and if 
the Client says "I wann do PEAP-MSCHAPv2!" then there is nothing the 
RADIUS server can do to convince him otherwise.

Since PEAP-MSCHAPv2 is still the most compatible protocol for WiFi you 
really have no other choice than the first choice.

Unless you want to drown in support requests. (Ask me how I know.)


More information about the Freeradius-Users mailing list