RADIUS wifi not working on Windows with domain users

[Alan DeKok]

On Apr 10, 2018, at 5:27 AM, Stefan Winter <stefan.winter at restena.lu> wrote:
> That's what I meant with "gaping security hole". An attacker can simply
> set up a Wi-Fi network with the same SSID and arbitrary RADIUS server,
> and your computer will happily send your username and password to that
> rogue attacker when in the vicinity.

  The hope is that most new devices will do certificate pinning.  After the first authentication, they cache the CA.  And if the CA changes, they complain and refuse to authenticate.

  Alan DeKok.