EAP-TLS and Active Directory

Simon Larsson simlar at live.se
Wed Nov 25 10:22:52 CET 2015

Hi there! 

I’m having a problem where I don’t fully understand exactly how EAP-TLS works with regard to authorization.

I'm trying to implement an 802.1x wireless network which uses EAP-TLS for security reasons. I already have a Windows server with a Certificate Authority, so that's not really an issue. All I have to do there is to create the certificates and then insert them into both the FreeRADIUS server and all the clients.

Here’s my problem. As I understand it, EAP-TLS uses the certificates for authentication and therefore my users' credentials become less important (not needed to log in to the network).
Now, if my users never enter their credentials and the FreeRADIUS server never checks with Active Directory for authorization, what decides what network resources a specific user should have access to?  

My goal here is to have it so that when a user connects to the network, the user should automatically get access to that user's network resources.

Thanks in advance, 
