On 18 Sep 2013, at 15:39, Roberto Carna <robertocarn...@gmail.com> wrote:
> Sorry, so I'm a bit confused... > > I'm using Windows 7 clients for accesing the WiFi network through > EAP-TLS with X.509 certificates. But in this way, I could see that I > can authenticate users or hosts...if I choose users, I can see a > dialog box to fill user and password and I suppose they are checked > against MySQL database (because I see the query in debug mode). Is > this correct or not ??? MySQL can be used to retrieve additional attributes associated with a given user/host. It can even perform lookups based on fields in the cert presented, but it can't be used to store X.509 certificate data. > And finally, if I use EAP-TLS with X.509 certificates, do you mean I > don't need to use the authentication against the active directory > database ??? Maybe this is easier to me because I've put EAP-TLS to > work. No, the easier way is to complete the certificate chain using the signing cert which created the client certs in the first place. This needs to be made available to the EAP-TLS module. -Arran Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
