eap-tls on non-domain computers?!
Alan DeKok
aland at deployingradius.com
Thu Oct 4 22:39:17 CEST 2018
On Oct 4, 2018, at 4:10 PM, Elias Pereira <empbilly at gmail.com> wrote:
> I have an environment with samba4 ADDC and freeradius for eap-tls
> authentication. For computers that are in the domain, eap-tls
> authentication with personal certificate is already working.

What does that mean? EAP-TLS is certificate-based authentication. It has nothing whatsoever to do with AD domains.

> I would like to do EAP-TLS authentication for computers that are not in our
> domain, i.e. private computers, but that the user is part of our domain.
>
> Is there any way to do this via eap-tls?

If the computer has a correct client certificate, then they will be authenticated via EAP-TLS.

Why do you think EAP-TLS requires domain checks? Or maybe more correctly, what have you done to your system that ties EAP-TLS to the AD domain?

Alan DeKok.