Windows 7, wired 802.1x, native EAP-TLS w/o AD, NPS
timo.buhrmester at fhr.fraunhofer.de
Mon Apr 10 10:46:59 CEST 2017
I'm trying to implement 802.1x/EAP-TLS on a wired network.
Getting that to work on Linux clients was reasonably straightforward
using wpa_supplicant (and freeradius as the back-end).
However, we also have Windows (7) clients on the network, and I'm
having issues setting that up. It is my understanding that
a) EAP-TLS is mandatory for systems that claim to support 802.1x
b) Windows claims to support 802.1x.
Unfortunately, every resource I could find either assumes there's
an Active Directory infrastructure (which, fortunately, we don't
use here) and other shady things involved (NPS -- seems to be
sort of an ersatz-radius), OR talks about wireless, OR refers
to other versions of Windows, OR ... None seems to describe the
combination Windows 7, native supplicant, freeradius, no AD/NPS.
So my question, although not directly freeradius-related, is:
Does anyone have experience setting up EAP-TLS on a wired network
on Windows 7 clients? Is AD strictly required? If so, I wonder
how Windows could get away claiming to support 802.1x.
I.e.: Does anybody know whether this is possible *at all*?
I'm already considering trying 3rd party supplicants, but I'd much
rather go with the native one.
More information about the Freeradius-Users