Active Directory authentication question

Roberto Carna robertocarna36 at
Wed Sep 18 17:01:34 CEST 2013

Arran, I have a private CA and I've created the server and client
certs of course...and I've generated the .p12 cert (includind the CA
cert) to install in my Windows 7 works OK.

What I mean is that EAP-TLS is easier to me than AD authentication at
this point, because I've just put it to work...and if I want to use AD
auth I have to take EAP-TLS out and start again with NTLM / AD it OK ???


2013/9/18 Arran Cudbard-Bell <a.cudbardb at>:
> On 18 Sep 2013, at 15:39, Roberto Carna <robertocarna36 at> wrote:
>> Sorry, so I'm a bit confused...
>> I'm using Windows 7 clients for accesing the WiFi network through
>> EAP-TLS with X.509 certificates. But in this way, I could see that I
>> can authenticate users or hosts...if I choose users, I can see a
>> dialog box to fill user and password and I suppose they are checked
>> against MySQL database (because I see the query in debug mode). Is
>> this correct or not ???
> MySQL can be used to retrieve additional attributes associated with a
> given user/host.  It can even perform lookups based on fields in the
> cert presented, but it can't be used to store X.509 certificate data.
>> And finally, if I use EAP-TLS with X.509 certificates, do you mean I
>> don't need to use the authentication against the active directory
>> database ??? Maybe this is easier to me because I've put EAP-TLS to
>> work.
> No, the easier way is to complete the certificate chain using the
> signing cert which created the client certs in the first place. This needs
> to be made available to the EAP-TLS module.
> -Arran
> Arran Cudbard-Bell <a.cudbardb at>
> FreeRADIUS Development Team
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list