On 09/18/2013 11:01 AM, Roberto Carna wrote: > Arran, I have a private CA and I've created the server and client > certs of course...and I've generated the .p12 cert (includind the CA > cert) to install in my Windows 7 clients....it works OK. > > What I mean is that EAP-TLS is easier to me than AD authentication at > this point, because I've just put it to work...and if I want to use AD > auth I have to take EAP-TLS out and start again with NTLM / AD > authentication....is it OK ???
I think you have a misconception. The client decides what type of authentication mechanism it's going to use. The radius server should be able to handle a wide variety of authentication mechanisms supplied by a diverse range of clients. So in your case you've got one mechanism working, great, now add support for another, when you're done your radius server can handle 2 mechanisms. Keep iterating on this basic cycle until your server supports the range of clients you need to support. -- John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html