a month ago
Hello,
I have a question about EAP design: is joining the domain necessary in EAC to use EAP-PEAP_MSCHAP_v2 and EAP-TLS? What is the reason?
I read in other forums that a domain join is not necessary to use EAP-TLS, but I am not sure of this.
Regards
a month ago
Domain Join is technically not required for EAP-TLS, as the credentials are presented in the client certificate exchange and validated against the AAA trust store.
However, the design of Control is to 'join' the domain for any configured LDAP server, and this is to ensure functionality if any other 802.1x method is being used. If you want to perform additional functions for LDAP lookup of user attributes or the like, these would still require Control to join the domain as well.
a month ago
Correct, not needed for EAP-TLS.