Hi, > I agree for the most part. However, captive portals will still be in > use for guest access. There's less administrative and helpdesk overhead > for this type of deployment. > > On windows machines, the CA/cert trust has to be explicitly enabled. > This can be a barrier for un-managed and non-employee machines.
so visitors get a nice easy coffee-shop way onto the network whilst employees have to suffer the wrath of 21 steps of PEAP hell? nah. thats just not fair. there are several tools developing nicely which make getting onto an 802.1X network nice and easy for all people....staff, students or visitors - eg Cloudpath and su1x - with these, there is no nasty CA/cert trust for a visitor to deal with. and if they cannot get onto the supplied network, then theres always a commercial link or 3G dongle option (most modern 'road warriors' have eg 3G dongle or MiFi in their pocket to avoid stupid wifi charges at hotels ;-) ) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html