Addition: Set up AD Certification Services to issue certificates to domain-joined computer. Configure AD CS to publish CRLs to HTTP instead of LDAP. Create a certificate template with special EKUs: 1.3.6.1.5.5.7.3.14 (EAPoL) and 1.3.6.1.5.5.7.3.2 (Client auth). Use EAPoL EKU in WLAN Group policy to configure certificate selection for EAP-TLS. Configure automatic enroll of those certificates to "domain computers" group. Also it looks like easier to setup Microsoft NPS as RADIUS if most of your clients are Windows. As you need EAP-TLS for computers and PEAP-MSCHAPv2 for unmanaged devices. PEAP is quite difficult to setup and manage with FreeRADIUS, IMO. Recommended book to read about both PKI, CA, Enterprise Wireless is "Windows Server 2008 PKI and Certificate Security" by Brian Komar. It's quite old, but most of it is still relevant in 2024. This can be found in online shops or torrents. On 2024-11-19 14:32, Alexey D. Filimonov wrote:
Does someone know how to obtain the machine account password or nt-password from a windows machine account
On 2024-11-18 17:48, Rodrigo Antunes via Freeradius-Users wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html