On 30/03/2023 10:20, Tim ODriscoll wrote:
I've got the radiusd self-generated CA deployed via GPO and I've got the WiFi GPO deployed and sending out the machine name. I see the machine trying to authenticate and fail. I try with a username/password and I get my VLAN accept packet.
How can I get the machine to authenticate, and how do I enforce the client certificate and install it through a GPO? I've done the CA, but the client certificate doesn't have an obvious place?
Looks like you have not set the machine to do certificate auth, so it is trying to do EAP-MSCHAPv2 with the computer account password. No idea about GPO, but as well as setting "computer auth" you will need to set the option to do I think "smart card or certificate" - at least it was something like that a few years back. FR is complaining that it can't get a password from AD to compare against (which you won't ever get from AD - certificates is definitely the way to go here). -- Matthew