Machine authentication against AD CS

Matthew Newton mcn at
Wed Jul 18 12:13:36 CEST 2018

On Wed, 2018-07-18 at 11:30 +0200, Olivier Le Monnier wrote:
> What I — normally — need to do is to verify the host certificate
> against the AD CS. 

Put a copy of the AD root CA certificate on the FreeRADIUS server.
Configure the "ca_file" setting in raddb/mods-enabled/eap (in the
"tls-config tls-common" section) to point at the root CA file.

If you want to do further checks on the certificate, use the
"check-eap-tls" virtual server (see comments in the eap module config).
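
The two settings from the reply above, shown together as an added example that is not part of the original post or the files shipped with FreeRADIUS. It assumes a FreeRADIUS 3.x raddb layout; the CA file name ad-root-ca.pem and the "host/<name>" User-Name format are assumptions.

```conf
# raddb/mods-enabled/eap (excerpt; settings not shown stay as configured)
eap {
	tls-config tls-common {
		# The server's own private key and certificate are unchanged.

		# Trust anchor for client (machine) certificates: the AD CS root
		# CA certificate exported as PEM. File name is an assumption.
		ca_file = ${cadir}/ad-root-ca.pem
	}

	tls {
		tls = tls-common

		# Pass every certificate that validated against ca_file
		# through the additional checks in the virtual server below.
		virtual_server = check-eap-tls
	}
}

# raddb/sites-enabled/check-eap-tls (excerpt)
server check-eap-tls {
	authorize {
		# Accept only when the identity the machine presented matches
		# the common name in its certificate. "host/<name>" is the
		# assumed User-Name format for machine authentication.
		if (&User-Name == "host/%{TLS-Client-Cert-Common-Name}") {
			update config {
				&Auth-Type := Accept
			}
		}
		else {
			update config {
				&Auth-Type := Reject
			}
			update reply {
				&Reply-Message := "Your certificate is not valid."
			}
		}
	}
}
```

Chain validation against ca_file happens first; the virtual server only sees certificates that already passed it, so the check above narrows which validly issued certificates are accepted.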


More information about the Freeradius-Users mailing list