On Oct 4, 2018, at 4:10 PM, Elias Pereira <empbilly@gmail.com> wrote:
I have an environment with samba4 ADDC and freeradius for eap-tls authentication. For computers that are in the domain, eap-tls authentication with personal certificate is already working.
What does that mean? EAP-TLS is certificate-based authentication. It has nothing whatsoever to do with AD domains.
I would like to do EAP-TLS authentication for computers that are not in our domain, ie private computers, but that the user is part of our domain.
Is there any way to do this via eap-tls?
If the computer has a correct client certificate, then they will be authenticated via EAP-TLS. Why do you think EAP-TLS requires domain checks? Or maybe more correctly, what have you done to your system that ties EAP-TLS to the AD domain? Alan DeKok.