Sallee, Stephen (Jake) wrote: > The documentation mentions special OID’s that need to be present for MS > machines to accept the cert, but I can’t find WHAT those OID’s are so I > can make sure I include them in the CSR.
See the files in raddb/certs, or read eap.conf. It's all there. > I know the docs also say that it is not best practices to use a publicly > signed cart because ANYONE can auth against the server, however since I > am in a position where almost all of the computers will NOT be managed > by our staff (they are student workstations) a public cert seems perfect. It's not a good idea because anyone can pretend to be the server, too. > If anyone has another route that will allow me to auth windows clients > without having to manually install certs and/or manually configuring the > wireless adapters I would be very grateful to hear your suggestions. Not much. Blame Microsoft for not making it easy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
