EAP-TLS + RADIUS + Active Directory
-
Hi,
I am doing a second attempt here, no reaction on previous post. I have a working EAP-TLS RADIUS at the moment but I would like to authenticate to Active Directory. Only persons who are a member of the security group HIER-Wifi should be able to log on with a certificate.
I find it odd there are two places to put LDAP settings (look at my screenshots), should I put something under radius or just under users/servers? Could someone post a screenshot of his working environment?
I hope someone can help me.
Thanks in advance.
-
So you want to validate that the name on the cert is also a name in AD and in a specific group? The deployment of the cert signed by your CA already validates the cert and the client validates the RADIUS server… Not sure why you would also want to check this against a group?
-
Extra security
-
Not really… How exactly do you expect that to work out? Seems like extra work for no added value other than something that could fail.
How exactly is a user getting a cert that you didn't give them? Why would you give them a cert and not put them in the group?