I don't have any particular desire to use certificates thus far in testing mode have been using PEAP and just ignoring the warning that tells me there is a certificate on the server that doesn't match. I assumed in deployment I would have to install certificates so the users wouldn't be confused when they saw that message. I thought that FreeRadius had to have certificates set up even if they were just example ones. Radiusd -X runs bootstrap which creates example certificates automatically. This led me to believe that certificates were somehow integral to 802.1x. Is that not the case? If so how can you take certificates completely out of the equation?
Joseph R. McSparin Network Administrator Hill Country Memorial Hospital 830 990 6638 phone 830 990 6623 fax [email protected] -----Original Message----- From: freeradius-users-bounces+jmcsparin=hillcountrymemorial....@lists.freeradius.org [mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial....@lists.freeradius.org] On Behalf Of David Mitton Sent: Friday, January 06, 2012 12:44 PM To: [email protected] Subject: RE: Distributing Certificates You can do such things as suggested... but you haven't articulated what your goal is and what you will be using the certificates for? 802.1X doesn't "require" certificates... but you may want to use them depending on what you are trying to do. Dave. Quoting "Danner, Mearl" <[email protected]>: > If you are using AD and have a CA set up you can create > autoenrollment gpo's for domain attached machines. You can issue > either user or computer certs. Can also configure the Windows > wireless supplicant via gpo. > > Mearl > > From: > freeradius-users-bounces+jmdanner=samford....@lists.freeradius.org > [mailto:freeradius-users-bounces+jmdanner=samford....@lists.freeradius.org] > On Behalf Of McSparin, Joe > Sent: Friday, January 06, 2012 10:18 AM > To: FreeRadius users mailing list > Subject: Distributing Certificates > > Now that I have my Radius server configured I need to begin > implementation I have 600 computers that will be using it. The > question I am wondering is do I have to go around and install a > certificate on every one of the computers and then maintain that > every year changing out the certificate on 600 computers or is there > some way that the server passes out certificates when the machine > logs on. Or do I have an incorrect understanding of how to > implement 802.1x security. > Joseph R. McSparin > Network Administrator > Hill Country Memorial Hospital > 830 990 6638 phone > 830 990 6623 fax > [email protected] > > ________________________________________ > This email message and any attachments are for the sole use of the > intended recipient(s) and contain confidential and/or privileged > information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the intended recipient, > please contact the sender by reply email and destroy all copies of > the original message and any attachments. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
