Hi, > That road is painful. What we've come up so far with is supplying > pre-configured supplicants (SecureW2) that bring the proper CA certificate > along and set the expected CN automatically. It can even be preconfigured to > auto-discard any other certificates, which doesn't give the user any > opportunity to mess around. > Of course, that is just pre-setting checkboxes in the supplicant. If a user > *really* wants to sacrifice security for getting online cheap and easy on > possible fraud networks, he can still toggle the settings manually later and > shoot himself in the foot with it. > > For the built-in supplicant in XP/Vista: it generally sucks. There is the > new "Wireless Native API" that is supposed to allow scripted auto-setups of > 802.1X settings for an SSID, but we haven't tested if that's really > practical. If you can find a student to code on that API, please go ahead :-)
we have a similar method - preconfigured setup installer for OpenSEA (open1x.sf.net) and SecureW2 3.x - both have the required CN etc already set. handy for ensuring people have eduroam already configured too ;-) my main issue with securew2 is that it is really just a windows zero config supplicant plugin - ie it inherits all the windows supplicant issues. the cisco (pre meetinghouse) supplicant is one of the best (aironet desktop utility) - the meetinghouse client is interesting - users cannot simply configure the supplicant for EAP networks - an admin system needs to be used to push settings out. not handy for those users with EAP at home :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
