RADIUS Authentication testing

Testing the RADIUS authentication depends on the operating system of a device and a android device needs to set phase 2 authentication.

User Authentication in Local Database

Operating system	EAP	CA Certificate	phase 2 authentication
Android	TTLS or PEAP	Select "Do not validate"	TTLS-GTC, TTLS-PAP, TTLS-MSCHAPV2, PEAP-GTC, or PEAP-MSCHAPV2^[1]
IOS	-	Trust the "BaseinWPA Server Certificate"	-
Windows 8, 10	-	-	-

Pass-Through Authentication / LDAP

You can't use some phase 2 authentication methods because the user-password must be decrypted into the plaintext to authenticate the user credentials from a remove database or a LDAP server,

Operating system	EAP	CA Certificate	phase 2 authentication
Android	TTLS or PEAP	Select "Do not validate"	TTLS-GTC, TTLS-PAP, or PEAP-GTC
IOS	-	Trust the "BaseinWPA Server Certificate"	-
Windows 10^[2]	-	-	-

The hyphen(-) means "don't care."

↑ If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.
↑ The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC

[1] If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.

[2] The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC

[1]

[2]