EAP-TLS and Active Directory

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Nov 25 14:19:27 CET 2015


> On 25 Nov 2015, at 06:31, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> 
> On Wed, Nov 25, 2015 at 11:14:20AM +0000, Scott Armitage wrote:
>>> On 25 Nov 2015, at 11:07, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
>>> We check the certificate subject against the AD LDAP to ensure
>>> that the machine is permitted to connect.
>> 
>> Not telling you how to suck eggs, Matthew, but couldn’t you improve efficiency by using an OCSP check instead?
> 
> We do that as well.
> 
> That doesn't check that the machine is in a particular group,
> though :-). Not all machines are permitted to join the wireless
> network.

eggs are cacheable in v3.1.x

-Arran

FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
