[strongSwan] Windows 10 DeviceTunnel and rightid via LDAP/AD or RADIUS?

Tobias Brunner tobias at strongswan.org
Wed Jun 26 10:25:38 CEST 2019

Hi Stephan,

> This work as expected but all clients have to have certificates where the DN is part oft he same LDAP-tree

You could add multiple connections (using `also=<existing connection>`)
each with different remote identities.

> Is there a possibility to extend the authorization with group memebrship
> coming from LDAP/AD or RADIUS?

Not if you don't authenticate against RADIUS [1], which is not possible
with machine certificates, only via EAP-TLS, which relies on user
certificates on Windows.



More information about the Users mailing list