Machine authentication against AD CS
Matthew Newton
mcn at freeradius.org
Wed Jul 18 12:13:36 CEST 2018
On Wed, 2018-07-18 at 11:30 +0200, Olivier Le Monnier wrote:
> What I — normally — need to do is to verify the host certificate
> against the AD CS.
Put a copy of the AD root CA certificate on the FreeRADIUS server.
Configure the "ca_file" setting in raddb/mods-enabled/eap (in the "tls-
config tls-common" section) to point at the root CA file.
If you want to do further checks on the certificate, use the "check-
eap-tls" virtual server (see comments in the eap module config).
--
Matthew
More information about the Freeradius-Users
mailing list