802.1x with GoDaddy Certificates EAP-TTLS
Alan DeKok
aland at deployingradius.com
Thu Jun 29 15:34:50 UTC 2023
On Jun 29, 2023, at 11:18 AM, Paul Bone <paul.bone at probitas-solutions.tech> wrote:
> I have a very similar issue with radius assigned VLAN multi-tenant building networks - so far it is only Google phones that have stopped working with our 802.1x SSID and I have to put them on a MAC auth SSID instead which used to only be used for printers and other devices not supporting 802.1X - and obviously privacy MAC has to be disabled as well.
>
> I suspect many other Android devices will probably follow suit soon.
It's likely that those devices were configured with "don't validate server certificate". This was always wrong and insecure.
Recent WiFi standards have mandated that devices validate the server certificate. i.e. the devices must do that in order to use the"WiFi compatible" logo.
As a result, we will soon see a whole set of devices which can't get on the net. The best solution is to fix their configuration so that it's secure.
Alan DeKok.
More information about the Freeradius-Users
mailing list