FreeRadius and WPA2-Enterprise machine authentication - With Active Directory interconnection..

Alan DeKok aland at
Thu Dec 11 21:26:46 CET 2014

On Dec 11, 2014, at 3:16 PM, Tim Reimers <treimers at> wrote:
> The plan is to authenticate wireless users AND their computers. (so that a user cannot BYOD to the secure network; only laptops joined to the domain will work)

  You can’t do 2 authentications for one system.  If the computers have machine accounts, they can do 802.1X to get on the network.  The users will do domain authentication to AD, but that’s *after* the systems are on the network.

> I already have a Microsoft CA server running in my AD environment, with the GPO needed to push out workstation certificate enrollment
> and so on, for other applications.

  Just configure it in AD.  AD should push the machine credentials to the machines.

> My question is - 
> Can FreeRadius (3.0.1) on CentOS 7
> be configured to do the machine authentication using certs from the Microsoft CA server?

  Yes.  Lots of people are doing this.

  Alan DeKok.
