[strongSwan] Windows 10 DeviceTunnel and rightid via LDAP/AD or RADIUS?
Tobias Brunner
tobias at strongswan.org
Wed Jun 26 10:25:38 CEST 2019
Hi Stephan,
> This works as expected but all clients have to have certificates where the DN is part of the same LDAP-tree
You could add multiple connections (using `also=<existing connection>`)
each with different remote identities.
> Is there a possibility to extend the authorization with group membership
> coming from LDAP/AD or RADIUS?
Not if you don't authenticate against RADIUS [1], which is not possible
with machine certificates, only via EAP-TLS, which relies on user
certificates on Windows.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Group-selection
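
The multiple-connection approach suggested above, sketched as an `ipsec.conf` fragment. This is an added example, not configuration from the thread; the connection names, DNs, server identity, certificate file and address pool are constructed placeholders.

```conf
# Added illustration; every name and value below is a constructed placeholder.

# Shared settings. "auto" is left unset so this section is never loaded
# on its own; it only serves as a template for the sections below.
conn win10-base
    keyexchange=ikev2
    left=%any
    leftid=@vpn.example.org
    leftcert=serverCert.pem
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=pubkey
    rightsourceip=10.10.0.0/24

# One connection per accepted DN subtree. The "*" wildcard matches any
# value of that RDN, so any machine certificate issued under OU=SiteA
# selects this connection.
conn win10-site-a
    also=win10-base
    rightid="C=DE, O=Example, OU=SiteA, CN=*"
    auto=add

# Second subtree, inheriting the same base settings.
conn win10-site-b
    also=win10-base
    rightid="C=DE, O=Example, OU=SiteB, CN=*"
    auto=add
```

A client whose certificate subject matches none of the `rightid` patterns finds no matching connection and is rejected, so the list of connections acts as the allow-list of certificate subtrees.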