FreeRadius and WPA2-Enterprise machine authentication - With Active Directory interconnection.
Alan DeKok
aland at deployingradius.com
Thu Dec 11 21:26:46 CET 2014
On Dec 11, 2014, at 3:16 PM, Tim Reimers <treimers at ashevillenc.gov> wrote:
> The plan is to authenticate wireless users AND their computers. (so that a user cannot BYOD to the secure network; only laptops joined to the domain will work)
You can’t do 2 authentications for one system. If the computers have machine accounts, they can do 802.1X to get on the network. The users will do domain authentication to AD, but that’s *after* the systems are on the network.
> I already have a Microsoft CA server running in my AD environment, with the GPO needed to push out workstation certificate enrollment
> and so on, for other applications.
Just configure it in AD. AD should push the machine credentials to the machines.
> My question is -
> Can FreeRadius (3.0.1) on CentOS 7
> be configured to do the machine authentication using certs from the Microsoft CA server?
Yes. Lots of people are doing this.
Alan DeKok.