Sorry, so I'm a bit confused... I'm using Windows 7 clients for accesing the WiFi network through EAP-TLS with X.509 certificates. But in this way, I could see that I can authenticate users or hosts...if I choose users, I can see a dialog box to fill user and password and I suppose they are checked against MySQL database (because I see the query in debug mode). Is this correct or not ???
And finally, if I use EAP-TLS with X.509 certificates, do you mean I don't need to use the authentication against the active directory database ??? Maybe this is easier to me because I've put EAP-TLS to work. Thanks a lot, Roberto 2013/9/18 Alan DeKok <al...@deployingradius.com>: > Roberto Carna wrote: >> Dear, I have several Windows 7 clients over WiFi autheticating throug >> EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it >> works OK. > > EAP-TLS doesn't use MySQL for storing credentials. Everything is in > the certificate. > >> Now I have to change the authentication from MySQL to a remote Active >> Directory on a Windows 2012 server. > > FreeRADIUS is an authentication server. MySQL is not. It's a database. > > Using the correct terminology menas it's easier to come up with a > solution. Using the wrong terminology means you're lost, and you can't > find a solution. > >> Because I don't know so much about Windows world, I need to know if I >> have to use NTLM, LDAP or Kerberos in order to authenticate against >> the remote AD. > > For MS-CHAP and PEAP, you use ntlm. You don't have any other choice. > > For EAP-TLS, you don't use AD or MySQL. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html