This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EAC Join to domain need?

EAC Join to domain need?

Go to solution
rgarciapow
New Contributor

‎04-03-2024 11:49 PM

Hello,

I have a question about EAP design, the join to domain is necessary in EAC to use EAP-PEAP_MSCHAP_v2 and EAP-TLS?, What is the reason?

I read in other forums that to use EAP-TLS is not necessary doing join but I am not sure of this.

Regards

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Robert_Haynes
Extreme Employee

‎04-04-2024 05:50 AM

Domain Join is technically not required for EAP-TLS as the credentials are presented in the client certificate exchange and validated against the AAA trust store.

However the design of Control is to 'join' the domain for any configured LDAP server and this is to ensure functionality if any other 802.1x method is being used. If you want to perform additional functions for LDAP lookup of user attributes or the like these would still require Control to join the domain as well.

View solution in original post

2 REPLIES 2

Go to solution
Robert_Haynes
Extreme Employee

‎04-04-2024 05:50 AM

Domain Join is technically not required for EAP-TLS as the credentials are presented in the client certificate exchange and validated against the AAA trust store.

However the design of Control is to 'join' the domain for any configured LDAP server and this is to ensure functionality if any other 802.1x method is being used. If you want to perform additional functions for LDAP lookup of user attributes or the like these would still require Control to join the domain as well.

Go to solution
Stefan_K_
Valued Contributor

‎04-04-2024 01:02 AM

Correct, not needed for EAP-TLS.

GTM-P2G8KFN