Freeradius and deploying client certificates for Windows OS

Vieri Di Paola vieridipaola at gmail.com
Mon May 3 18:07:02 CEST 2021


On Mon, May 3, 2021 at 3:53 PM Tony Skalski via Freeradius-Users
<freeradius-users at lists.freeradius.org> wrote:
>
> If you use Microsoft's certificate services, you can configure an automatic
> certificate enrollment group policy. This can generate certs for both users
> and computers as needed. This works for Windows clients. If you have other
> clients, you will want an MDM or alternatively a certificate onboarding
> solution, though if you have Macs joined to Active Directory, you should be
> able to issue the certs without a for-pay MDM.

Yes, most of the clients are Windows.
I was in fact thinking of following a guide such as this one:
https://docs.druva.com/Knowledge_Base/inSync/How_To/How_to_set_up_automatic_certificate_enrollment_in_Active_Directory
However, as I have 0 experience with M$ solutions I was wondering if
anyone knew beforehand if the certs deployed by the Microsoft
Certification Authority via AD group policy will be compatible with
FreeRADIUS without extra fiddling.
I'm asking because I wouldn't want to work my way out of Microsoft
madness to finally find out that the certs are incompatible unless
mangled as noted in this post (which might be outdated):
http://lists.freeradius.org/pipermail/freeradius-users/2006-October/013613.html

Thanks,

Vieri


More information about the Freeradius-Users mailing list