Ok, so there are two problems with these scenarios in our environment. We do not run AD, we run eEdirectory, and the computers are not assgined to the users, they are all shared computer labs. This is why having separate certs for each machine is impossible as we would have to go around and install each cert manually on each machine. I think I am stuck with using at best using the same cert for each computer lab. I think that would make more sense. Dan. On Fri, Feb 3, 2012 at 7:33 AM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
Personally we (plan to) use PEAP/MS-CHAP, and check the machine account against AD using ntlm_auth.
this is what we do for machine authentication (wired/wireless)
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html