On Thu, Aug 26, 2010 at 2:53 PM, rrperez <rrpe...@apc.edu.ph> wrote: > > Thanks for the response Alan, > >>if using eg EAP-TTLS/PAP then you would have issues - some phones wont do > that method natively > > yes i do use EAP-TTLS/PAP, so does that mean that configurations should done > on the mobile devices and not on the server?
Are you still authenticating against Lotus Domino LDAP? Basically to get an authentication method to work, the device needs to be configured to use it, and the server needs to support it. So you need to have a method that's supported by both device and server. It's easy enough to configure the server to support multiple methods, but if you're still authenticating against Lotus Domino LDAP, you might want to enable only TTLS-PAP and PEAP-GTC. For example, iphone (from Apple's docs) supports EAP-TLS, EAP-TTLS, EAP-FAST, EAP-SIM, PEAPv0, PEAPv1, and LEAP. I've tried it with PEAP-GTC, and it works, so you might want to try EAP-TTLS/PAP and see how it goes. If it doesn't, they try other methods. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html