On Wed, Nov 25, 2015 at 11:14:20AM +0000, Scott Armitage wrote:
On 25 Nov 2015, at 11:07, Matthew Newton <mcn4@LEICESTER.AC.UK> wrote: We check the certificate subject against the AD LDAP to ensure that the machine is permitted to connect.
Not telling you how to suck eggs Matthew, but couldn’t you improve efficiency by using an OCSP check instead.
We do that as well. That doesn't check that the machine is in a particular group, though :-). Not all machines are permitted to join the wireless network. Matthew (still learning how to suck eggs properly) -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>