On Fri, Jul 01, 2016 at 04:46:50PM +0200, Mathieu Simon (Lists) wrote:
Do some of you use different EAP methods like i.e. EAP-TLS for corporate devices while a password-based method is used for personal devices. Ideally if a certificate was given out for each corporate device and user as well as per BYOD device, well then it would be easy to identify things...
Yes.
But that's requiring a whole CA and issuing infrastructure while trying to keep onboarding personal devices as simple as possible for users.
Yes.
I don't have a urgent need for it right now but I have tried to get an idea on that topic yet haven't found a satisfying path (and without working every day with FreeRADIUS that is). Maybe someone is willing to share his or her experiences?
Currently, EAP-TLS for laptops on the managed service, PEAP/TTLS MSCHAP stuff or user devices. They currently connect to different SSIDs, which also helps - but that wouldn't be hard to change. e.g. User-Name matches host/..., do EAP-TLS and make sure we issued the cert. Otherwise, if User-Name matches /@/, treat as user. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>