18 Jul
2018
18 Jul
'18
6:13 a.m.
On Wed, 2018-07-18 at 11:30 +0200, Olivier Le Monnier wrote:
What I — normally — need to do is to verify the host certificate against the AD CS.
Put a copy of the AD root CA certificate on the FreeRADIUS server. Configure the "ca_file" setting in raddb/mods-enabled/eap (in the "tls- config tls-common" section) to point at the root CA file. If you want to do further checks on the certificate, use the "check- eap-tls" virtual server (see comments in the eap module config). -- Matthew