Arran, I have a private CA and I've created the server and client certs of course...and I've generated the .p12 cert (including the CA cert) to install in my Windows 7 clients....it works OK.
What I mean is that EAP-TLS is easier for me than AD authentication at this point, because I've just put it to work...and if I want to use AD auth I have to take EAP-TLS out and start again with NTLM / AD authentication....is it OK ???

Regards

2013/9/18 Arran Cudbard-Bell <a.cudba...@freeradius.org>:
>
> On 18 Sep 2013, at 15:39, Roberto Carna <robertocarn...@gmail.com> wrote:
>
>> Sorry, so I'm a bit confused...
>>
>> I'm using Windows 7 clients for accessing the WiFi network through
>> EAP-TLS with X.509 certificates. But in this way, I could see that I
>> can authenticate users or hosts...if I choose users, I can see a
>> dialog box to fill user and password and I suppose they are checked
>> against MySQL database (because I see the query in debug mode). Is
>> this correct or not ???
>
> MySQL can be used to retrieve additional attributes associated with a
> given user/host. It can even perform lookups based on fields in the
> cert presented, but it can't be used to store X.509 certificate data.
>
>> And finally, if I use EAP-TLS with X.509 certificates, do you mean I
>> don't need to use the authentication against the active directory
>> database ??? Maybe this is easier for me because I've put EAP-TLS to
>> work.
>
> No, the easier way is to complete the certificate chain using the
> signing cert which created the client certs in the first place. This needs
> to be made available to the EAP-TLS module.
>
> -Arran
>
> Arran Cudbard-Bell <a.cudba...@freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html