Hello, my fist question here, so bare with me The solution is perhaps simple, but I cant seem to figure it out I want to setup vpn authentication for users using Freeradius as Radius backend in vpn server User certificates are created using a Edirectory server that also is CA and ldap server What do I have to do to configure Freeradius role in this, if I search for solutions online, most is related to AD and MS NPS. My understanding is that EAP-TLS requires that the vpn server pass the certificate request to Freeradius and Freeradius is verifying the certificate and reply with a accept or deny. But what is needed for Freeradius to verify the certificate, is it only that the CA certificate to verify that the certificate is issued by that CA or is it possible for Freeradius to pick the subject or SAN like email address and to a lookup in LDAP to get specific group or attribute back and based on that respond with accept or deny? Or how to you do it? /Lennart Med vänlig hälsning/Kind regards Lennart Johansson Telefon: +4610 5516810 Mobil: +4670 2334116 B-IQ Business in Quaternion AB Kivra: 556949-6648 106 31 Stockholm Sverige/Sweden