Eap-tls+radius+active directory

  • Hi,

    I am doing a second attempt here, no reaction on previous post. I have a working eap-tls radius at the moment but i would like to authenticate to active directory. Only persons who are a member of the security group HIER-Wifi should be able to logon with a certificate.

    I find it odd there are to places to put ldap settings (look at my screenshots), should i put something under radius or just under users/servers ? Could someone post a screenshot of his working environment.

    I hope someone can  help me

    thanks in advance

  • LAYER 8 Global Moderator

    so you want to validate that the name on the cert is also a name in AD and in a specific group?  The deployment of the cert signed by your CA already validates the cert and the client validates the radius server…. Not sure why you would also want to check this against a group?

  • Extra security

  • LAYER 8 Global Moderator

    Not really…  How exactly to you expect that to work out?  Seems like extra work for no added value other than something that could fail.

    How exactly is a user getting a cert that you didn't give them?  Why would you give them a cert and not put them in the group?

Log in to reply