EAP-TLS and LDAP with Windows Server 2012R2 Native Functional Level

tj2718 at aol.com
Wed Oct 26 02:15:11 CEST 2016


> I was bitten by that too. Try changing it to:
> 
> if (&Ldap-Group == "WiFi")

I made the change recommended and it still results in certificates being rejected with

(6)     if (&Ldap-Group == "WiFi")  -> FALSE

> In addition: since Ldap-Group is multi-valued, and you want to check if
> *any* of the groups is "WiFi", you may want to write instead
> 
> if (&Ldap-Group[*] == "WiFi")

I tried this change as well but certificates were still rejected.

(6)     if (&Ldap-Group[*] == "WiFi")  -> FALSE

> There is another way to deal with this, which is to enable one of these
> settings:
> 
>                 cacheable_name = 'no'
>                 cacheable_dn = 'no'
> 
I also tried the cacheable_name = 'no' and tried cacheable_name = 'yes'
with certificates being rejected both times.

Is using certificates for computers mutually exclusive of being able to use Active
Directory usernames and passwords?

Thank you,
Travis








