EAP-TLS and LDAP with Windows Server 2012R2 Native Functional Level

tj2718 at aol.com
Wed Oct 26 02:15:11 CEST 2016

> I was bitten by that too. Try changing it to:
> if (&Ldap-Group == "WiFi")

I made the change recommended and it still results in certificates being rejected with

(6)     if (&Ldap-Group == "WiFi")  -> FALSE

> In addition: since Ldap-Group is multi-valued, and you want to check if
> *any* of the groups is "WiFi", you may want to write instead
> if (&Ldap-Group[*] == "WiFi")

I tried this change as well but certificates were still rejected.

(6)     if (&Ldap-Group[*] == "WiFi")  -> FALSE

> There is another way to deal with this, which is to enable one of these
> settings:
>                 cacheable_name = 'no'
>                 cacheable_dn = 'no'

I also tried the cacheable_name = 'no' and tried cacheable_name = 'yes'
with certificates being rejected both times.

Is using certificates for computers mutually exclusive of being able to use Active
Directory username and passwords?

Thank you,
