Design question
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 3 13:50:54 CET 2012
On 02/03/2012 12:27 AM, Dan Letkeman wrote:
>
> This would be a nightmare to manage. We have 2000+ clients. I see
> the advantage, if the certificate was compromised that this would be
> important, but how in the world would you manage this?
Use the Microsoft CA, and use machine auto-enrollment. It's the only
sensible way, if you want to use certs.
Personally we (plan to) use PEAP/MS-CHAP, and check the machine account
against AD using ntlm_auth.
More information about the Freeradius-Users
mailing list