cancel
Showing results for 
Search instead for 
Did you mean: 

EAC Join to domain need?

EAC Join to domain need?

rgarciapow
New Contributor

Hello,

I have a question about EAP design, the join to domain is necessary in EAC to use EAP-PEAP_MSCHAP_v2 and EAP-TLS?, What is the reason?

I read in other forums that to use EAP-TLS is not necessary doing join but I am not sure of this.

Regards

1 ACCEPTED SOLUTION

Robert_Haynes
Extreme Employee

Domain Join is technically not required for EAP-TLS as the credentials are presented in the client certificate exchange and validated against the AAA trust store.

However the design of Control is to 'join' the domain for any configured LDAP server and this is to ensure functionality if any other 802.1x method is being used. If you want to perform additional functions for LDAP lookup of user attributes or the like these would still require Control to join the domain as well.

View solution in original post

2 REPLIES 2

Robert_Haynes
Extreme Employee

Domain Join is technically not required for EAP-TLS as the credentials are presented in the client certificate exchange and validated against the AAA trust store.

However the design of Control is to 'join' the domain for any configured LDAP server and this is to ensure functionality if any other 802.1x method is being used. If you want to perform additional functions for LDAP lookup of user attributes or the like these would still require Control to join the domain as well.

Stefan_K_
Valued Contributor

Correct, not needed for EAP-TLS.

GTM-P2G8KFN