Active Directory authentication question

John Dennis jdennis at
Wed Sep 18 17:32:24 CEST 2013

On 09/18/2013 11:01 AM, Roberto Carna wrote:
> Arran, I have a private CA and I've created the server and client
> certs of course...and I've generated the .p12 cert (includind the CA
> cert) to install in my Windows 7 works OK.
> What I mean is that EAP-TLS is easier to me than AD authentication at
> this point, because I've just put it to work...and if I want to use AD
> auth I have to take EAP-TLS out and start again with NTLM / AD
> it OK ???

I think you have a misconception. The client decides what type of
authentication mechanism it's going to use. The radius server should be
able to handle a wide variety of authentication mechanisms supplied by a
diverse range of clients.

So in your case you've got one mechanism working, great, now add support
for another, when you're done your radius server can handle 2
mechanisms. Keep iterating on this basic cycle until your server
supports the range of clients you need to support.


More information about the Freeradius-Users mailing list