Machine authentication against AD CS

[Olivier Le Monnier]

Hi everyone, 

I've been searching for documentation about FR to manage hosts Access-Requests of this type : 

———— 
(0) Received Access-Request Id 139 from 10.14.240.106:32773 to 10.14.129.201:1812 length 324 
(0) User-Name = "host/C304Z-HP2560.campus.unicaen.fr" 
(0) Chargeable-User-Identity = 0x00 
(0) Location-Capable = Civix-Location 
(0) Calling-Station-Id = "08-11-96-6e-09-5c" 
(0) Called-Station-Id = "00-3a-99-91-f1-10:flexi" 
(0) NAS-Port = 13 
(0) Cisco-AVPair = "audit-session-id=0a0ef06a0008a5df5b4c8983" 
(0) Acct-Session-Id = "5b4c8983/08:11:96:6e:09:5c/611634" 
(0) NAS-IP-Address = 10.14.240.106 
(0) NAS-Identifier = "C1-AC5-A1" 
(0) Airespace-Wlan-Id = 10 
(0) Service-Type = Framed-User 
(0) Framed-MTU = 1300 
(0) NAS-Port-Type = Wireless-802.11 
(0) Tunnel-Type:0 = VLAN 
(0) Tunnel-Medium-Type:0 = IEEE-802 
(0) Tunnel-Private-Group-Id:0 = "120" 
(0) EAP-Message = 0x0202002801686f73742f433330345a2d4850323536302e63616d7075732e756e696361656e2e6672 
(0) Message-Authenticator = 0x6965b96bd6574a69e7b1e88560e90146 

What I — normally — need to do is to verify the host certificate against the AD CS. 

Did anyone here managed to do that? 
It would be nice to share or at least show me the breadcrumbs I need to follow… 

Thank you in advance! 

-- 
ૐ — Olivier Le Monnier — ☎ 023156.6209 
Pôle Infrastructures — SysAdmin Linux 
Direction du Système d'Information 
Université de Caen Normandie 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2027 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180718/bfa55ba5/attachment.bin>