Wireless EAP-TLS with LDAP Authentication

  • I have WPA2 AES enterprise working with 802.1X EAP-TLS wireless auth to the FreeRADIUS module in our pfSense. Everything works as intended, and users with certificates issued from our pfSense CA can connect to wireless with no problems. We use the certs that were initially issued for OpenVPN authentication. The user could copy the .p12 bundle in the OpenVPN config folder and send it to anyone, and they could authenticate and access our wireless network. This is not a concern for VPN because we do LDAP auth as well as SSL cert verification. Everything I read says that LDAP auth is not possible with EAP-TLS, but I'd like to add an extra layer of authentication. Please advise.
