Sallee, Stephen (Jake) wrote:
The documentation mentions special OID’s that need to be present for MS machines to accept the cert, but I can’t find WHAT those OID’s are so I can make sure I include them in the CSR.
See the files in raddb/certs, or read eap.conf. It's all there.
I know the docs also say that it is not best practices to use a publicly signed cart because ANYONE can auth against the server, however since I am in a position where almost all of the computers will NOT be managed by our staff (they are student workstations) a public cert seems perfect.
It's not a good idea because anyone can pretend to be the server, too.
If anyone has another route that will allow me to auth windows clients without having to manually install certs and/or manually configuring the wireless adapters I would be very grateful to hear your suggestions.
Not much. Blame Microsoft for not making it easy. Alan DeKok.