[EXT] Re: 802.1x with GoDaddy Certificates EAP-TTLS

Brian Julin BJulin at clarku.edu
Thu Jun 29 16:26:22 UTC 2023



Paul Bone <paul.bone at probitas-solutions.tech> wrote:
> If anyone on this list has a cost effective onboarding solution for 802.1x I would certainly be interested.

Apple is easy.  iPhones, iPads, and MacOS laptops just need to load a .mobileconfig file.

You might want to look where the EDUROAM-CAT product is at the moment, as it is actively developed.

Anything android will require an app most likely, which means to bundle a site config, you or the provider of the app would have to publish a site-specific edition of the app in Google's Store.

The captive portal support built into Apple, Android, and Windows tends to get broken by the vendors quite often, but is very useful when it actually works and can be used to push profiles on an open SSID as long as your security needs do not prohibit some slack during initial onboarding.

We haven't done much on onboarding clients here, because we also have a NAC, and unless we were to use the expensive onboarding in that product, we'd have to add a step to an already onerous (from an end-user's perspective) process.  Not to mention the expensive onboarding isn't exactly tightly integrated... you'd think for that much cash they would have smoothed it out but no...

Really we need one opensource client that does NAC posture assessment and installs wifi profiles with minimal need for user interaction, since the market does not seem to want to provide one at any price, nevermind a decent price.



More information about the Freeradius-Users mailing list