I mean, if you refer to the "validate server certificate" option, you
will need to have a CA installed on the RADIUS side (probably your
domain CA), then generate a server certificate signed with the CA for
RADIUS, but you only need to install the CA on the machines, not client
certs.
That can be easily done using a GPO like others said.
Unless you want to do EAP-TLS, but that's another story.
On 12-01-06 4:07 PM, McSparin, Joe wrote:
I don't have any particular desire to use certificates thus far in testing mode
have been using PEAP and just ignoring the warning that tells me there is a
certificate on the server that doesn't match. I assumed in deployment I would
have to install certificates so the users wouldn't be confused when they saw
that message. I thought that FreeRadius had to have certificates set up even
if they were just example ones. Radiusd -X runs bootstrap which creates
example certificates automatically. This led me to believe that certificates
were somehow integral to 802.1x. Is that not the case? If so how can you take
certificates completely out of the equation?
Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcspa...@hillcountrymemorial.org
-----Original Message-----
From:
freeradius-users-bounces+jmcsparin=hillcountrymemorial....@lists.freeradius.org
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial....@lists.freeradius.org]
On Behalf Of David Mitton
Sent: Friday, January 06, 2012 12:44 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: Distributing Certificates
You can do such things as suggested... but you haven't articulated
what your goal is and what you will be using the certificates for?
802.1X doesn't "require" certificates... but you may want to use them
depending on what you are trying to do.
Dave.
Quoting "Danner, Mearl"<jmdan...@samford.edu>:
If you are using AD and have a CA set up you can create
autoenrollment gpo's for domain attached machines. You can issue
either user or computer certs. Can also configure the Windows
wireless supplicant via gpo.
Mearl
From:
freeradius-users-bounces+jmdanner=samford....@lists.freeradius.org
[mailto:freeradius-users-bounces+jmdanner=samford....@lists.freeradius.org]
On Behalf Of McSparin, Joe
Sent: Friday, January 06, 2012 10:18 AM
To: FreeRadius users mailing list
Subject: Distributing Certificates
Now that I have my Radius server configured I need to begin
implementation I have 600 computers that will be using it. The
question I am wondering is do I have to go around and install a
certificate on every one of the computers and then maintain that
every year changing out the certificate on 600 computers or is there
some way that the server passes out certificates when the machine
logs on. Or do I have an incorrect understanding of how to
implement 802.1x security.
Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcspa...@hillcountrymemorial.org
________________________________________
This email message and any attachments are for the sole use of the
intended recipient(s) and contain confidential and/or privileged
information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply email and destroy all copies of
the original message and any attachments.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
