FreeRadius and WPA2-Enterprise machine authentication - With Active Directory interconnection..

Tim Reimers treimers at
Thu Dec 11 21:16:41 CET 2014

Hi everyone - 

I'm trying to design something here that I'm sure has been done before, but AFAIK, it crosses through a few different howto documents, and 
being new to this, I'm just not certain that I have pieced together all the relevant HOWTo docs and not missed a 
point at which the design won't communicate the needed information.

The plan is to authenticate wireless users AND their computers. (so that a user cannot BYOD to the secure network; only laptops joined to the domain will work)

I know that WPA2-Enterprise is what I need, to be able to have rotating keys, use Radius for authentication, etc.
I know that WPA2-Enterprise requires certificates to validate the machines

I already have a Microsoft CA server running in my AD environment, with the GPO needed to push out workstation certificate enrollment
and so on, for other applications.

My question is - 
Can FreeRadius (3.0.1) on centos 7 
be configured to do the machine authentication using certs from the Microsoft CA server?
Meraki is the wireless infrastructure, if that helps.

Thanks, Tim

More information about the Freeradius-Users mailing list