Netgate Discussion Forum

    Eap-tls+radius+active directory

    • conehead

      Hi,

      I am making a second attempt here; there was no reaction to my previous post. I have a working EAP-TLS RADIUS at the moment, but I would like to authenticate to Active Directory. Only persons who are members of the security group HIER-Wifi should be able to log on with a certificate.

      I find it odd that there are two places to put LDAP settings (look at my screenshots). Should I put something under RADIUS or just under users/servers? Could someone post a screenshot of his working environment?

      I hope someone can help me.

      Thanks in advance.
      [Screenshots: ldap1.PNG, ldap2.PNG, ldap3.PNG]

      • johnpoz LAYER 8 Global Moderator

        So you want to validate that the name on the cert is also a name in AD and in a specific group? The deployment of the cert signed by your CA already validates the cert, and the client validates the RADIUS server… Not sure why you would also want to check this against a group?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        • conehead

          Extra security

          • johnpoz LAYER 8 Global Moderator

            Not really… How exactly do you expect that to work out? Seems like extra work for no added value other than something that could fail.

            How exactly is a user getting a cert that you didn't give them? Why would you give them a cert and not put them in the group?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.