WiFi EAP authentication and iOS device setup options?
Alan Buxey
alan.buxey at gmail.com
Fri Oct 3 15:05:19 UTC 2025
On iOS, not as end end user. You can y de MDM software to configure that
stuff or a .mobileconfig file. Other OSes are too permissive by default...
and older OSes were very fussy (hello Windows mobile (RIP))
Alan
On Fri, 3 Oct 2025, 13:37 Franta Hanzlík via Freeradius-Users, <
freeradius-users at lists.freeradius.org> wrote:
> I finally managed to set up very basic EAP-PEAP and EAP-TTLS MSCHAP2
> authentication in a Freeradius + Mikrotik MT network (users and their
> passwords in cleartext in text file), with a Let's Encrypt certificate
> in the eap{tls-config tls-common {}} section).
>
> Connecting from a Linux NTB and Android (v9 and v11) phone is without
> problems for both TTLS and PEAP, in the WiFi network settings I can
> choose a whole range of parameters (EAP method, phase 2 authentication
> method, certificate selection, CRL usage, domain, identity and anonymous
> identity,...).
> And now I tried connecting an iOS (v15) tablet - and this device only
> requires a username and password. Then it asks if the user trusts Let's
> Encrypt certificate (which it says is untrusted), and then it connects
> to the network without any problems.
>
> Please excuse the possibly stupid questions, but I have no experience
> with Apple iOS devices at all - so I would like to ask for an explanation
> - is this normal with iOS? :
>
> - that you can't set basically any WiFi network parameters (after
> connecting, you can set automatic connection to the network, and
> randomization of the MAC address - but that's probably all)
>
> - when I used a certificate generated by the resources in raddb/certs/
> instead of the Lets Encrypt certificate, both Linux and Android clients
> connected to the network, but the iOS tablet ended up with the error aka
> "Cannot connect to this network." - is that why?
>
> - why does marks the Let's Encrypt certificate as untrustworthy?
> --
> Thanks again, Franta Hanzlik
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list