Hello,

I'm looking for a way to integrate devices from partner companies into our network. I planned to provide an extra VLAN at every site which allows nothing but basic internet access without a captive portal. They normally use certificate-based authentication via EAP-TLS, which leads me to my problem:

- By default, Windows is configured to ignore certificate handshakes with RADIUS servers it does not trust. As the devices were provisioned by third-party companies, there is no way that their configuration would trust my self-signed RADIUS certificates.
- I tried working around this issue by providing MAB authentication, but the devices seem to notice that their preferred authentication method (dot1x) fails and just try it again after some cooldown time -> this behavior leads to recurring disconnects from the network (I've already set the reauthenticate timer to 23 hours so the reauthentication would not occur during business times).

What is the best way to handle this kind of device? The notebooks sadly don't support captive portal (because they require a VPN tunnel before any kind of web traffic is allowed), which is why they can't use our Guest-Wifi.

If you need any more information, feel free to ask.

Thank you!

Greetings
Heiko

ASAP Engineering GmbH
Sachsstraße 1A | 85080 Gaimersheim
Tel. +49 (8458) 3389 0 | Fax. +49 (8458) 3389 399
heiko.matth...@asap.de | www.asap.de
Managing directors: Michael Neisen, Robert Werner, Christian Schweiger | Registered office: Gaimersheim | District court: Ingolstadt HRB 5408
Data protection: Detailed information on how ASAP handles your personal data is available on our website at www.asap.de\datenschutz.

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users