Can you use EAP-TLS to actually supply a username and password to a domain controller, or is it just for computer device authentication.
Client and server has cert
1. Client boots up (pre winlogon.exe) and TLS exchange happens with Radius/ACS for the device.
2. Now computer is registered with domain, user now logs into MS domain?
So on step two, the device can speak directly to the AD domain controller without passing the username/password thru a Radius/ACS?
Is this correct?