EAP-TLS and Active Directory

Matthew Newton mcn4 at leicester.ac.uk
Wed Nov 25 12:31:06 CET 2015


On Wed, Nov 25, 2015 at 11:14:20AM +0000, Scott Armitage wrote:
> > On 25 Nov 2015, at 11:07, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
> > We check the certificate subject against the AD LDAP to ensure
> > that the machine is permitted to connect.
> 
> Not telling you how to suck eggs Matthew, but couldn’t you improve efficiency by using an OCSP check instead?

We do that as well.

That doesn't check that the machine is in a particular group,
though :-). Not all machines are permitted to join the wireless
network.

Matthew
(still learning how to suck eggs properly)


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
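
Added example, not part of the original message or the poster's configuration: a sketch of why the OCSP result and the AD group lookup discussed above are separate checks, with the certificate subject escaped before it reaches the LDAP filter. Assumptions: the subject arrives in OpenSSL one-line form, its CN equals the computer object's dNSHostName, the group DN and host names are constructed, and `search` is a hypothetical wrapper around the LDAP query.

```python
# Added example: revocation (OCSP) and authorization (AD group) are separate checks.
# Assumptions: OpenSSL one-line subject format, constructed names, injected search().

# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed group DN; substitute the group that gates wireless access.
WIFI_GROUP_DN = "CN=Wireless Machines,OU=Groups,DC=example,DC=org"

# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: memberOf resolved through nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a string so it is treated as data, never as filter syntax."""
    return "".join(_ESC.get(ch, ch) for ch in value)


def subject_cn(subject):
    """Return the single CN of a subject such as '/DC=org/DC=example/CN=host'."""
    cns = [part[3:] for part in subject.split("/") if part.startswith("CN=")]
    if len(cns) != 1 or not cns[0]:
        raise ValueError("subject must carry exactly one non-empty CN")
    return cns[0]


def machine_filter(subject, group_dn=WIFI_GROUP_DN):
    """Filter matching a computer object with this host name inside the group."""
    host = escape_filter_value(subject_cn(subject))
    group = escape_filter_value(group_dn)
    return f"(&(objectClass=computer)(dNSHostName={host})(memberOf:{IN_CHAIN}:={group}))"


def permit(subject, ocsp_good, search):
    """Allow only if the certificate is unrevoked AND exactly one group member matches.

    search is a hypothetical callable(filter_string) -> list of matching entries.
    """
    if not ocsp_good:
        return False
    try:
        ldap_filter = machine_filter(subject)
    except ValueError:
        return False
    return len(search(ldap_filter)) == 1


def fake_search(ldap_filter):
    """Constructed stand-in for the directory: one host is in the wireless group."""
    members = ["lab-pc1.example.org"]
    return [h for h in members if f"(dNSHostName={h})" in ldap_filter]
```

A certificate with a good OCSP status is still rejected when its host is not in the group, and a subject without exactly one CN is rejected before any query is built.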

