WPA2-Entreprise: which certificate to avoid changing Validate server certificate for Windows guest ?

Olivier Olivier.Nicole at cs.ait.ac.th
Mon Sep 10 11:21:40 CEST 2018


Olivier <oza.4h07 at gmail.com> writes:

> Thanks Olivier for replying here.

De rien.

> Looking at [2], Eduroam's Windows process is much longer and error-prone
> than Android's one
> [2] https://www.cs.ait.ac.th/joomla3/index.php/eduroam-set-up

I think you'd need only steps 5-8, but you better test that. The
previous steps are to make sure the certificate is validated (just the
opposite from the linkk you mentioned) and that the system does ot try
to use Windows credentials.

I think that if you do nohing, by defalt the certificate is validated,
leading to step 7-8.

> My goal is simplify this process on Windows machines to the point that
> guests would only have to fill in their login/password after importing a
> file.
> Do you think this can be achieved ?
> If I'm correctly reading your answer, the answer is (unfortunately)
> No.

I have no definite answer. Loading a file with all the details of the
connection is how it works for Mac, but I am not sure it can be acheived
with Windows (in fact, eduroam people have worked on that a bit and I
don't think they came up with any solution, so I don't think it can be
done).

Test it is my best advice, then if it works, tell you users that all
they have to do is to accept the certificate on the first connection.

Best regards,

Olivier


More information about the Freeradius-Users mailing list