To solve the problem, i basicly moved away from certificates for the authentication. I beleive that the PEAP/mschap required hashed passord that we found in SAMBA schema.
Anyway, using securew2 I’m able to do WPA EAP/TTLS with PAP/mschapv2 in an inner tunnel. Works fine for the logon but the user is asked for a user/password once a while. I can live with that for now.
I believe that this annoyance will be solves once I move my SAMBA backend to zeroshell. I can do that right?