[EXT] Re: 802.1x with GoDaddy Certificates EAP-TTLS

Paul Bone paul.bone at probitas-solutions.tech
Thu Jun 29 16:31:11 UTC 2023


In the past we would provide an SSID per tenant and limit those SSIDs to their areas, but having building wide service using radius assigned VLANs is so attractive to both tenants and landlords.

It might be we have to push down the route of MAC based authentication with radius assigned VLANs for everyone but it will be more time consuming for the support team.

Sent from Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: Freeradius-Users <freeradius-users-bounces+paul.bone=probitas-solutions.tech at lists.freeradius.org> on behalf of Brian Julin <BJulin at clarku.edu>
Sent: Thursday, June 29, 2023 5:26:22 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: [EXT] Re: 802.1x with GoDaddy Certificates EAP-TTLS



Paul Bone <paul.bone at probitas-solutions.tech> wrote:
> If anyone on this list has a cost effective onboarding solution for 802.1x I would certainly be interested.

Apple is easy.  iPhones, iPads, and MacOS laptops just need to load a .mobileconfig file.

You might want to look where the EDUROAM-CAT product is at the moment, as it is actively developed.

Anything android will require an app most likely, which means to bundle a site config, you or the provider of the app would have to publish a site-specific edition of the app in Google's Store.

The captive portal support built into Apple, Android, and Windows tends to get broken by the vendors quite often, but is very useful when it actually works and can be used to push profiles on an open SSID as long as your security needs do not prohibit some slack during initial onboarding.

We haven't done much on onboarding clients here, because we also have a NAC, and unless we were to use the expensive onboarding in that product, we'd have to add a step to an already onerous (from an end-user's perspective) process.  Not to mention the expensive onboarding isn't exactly tightly integrated... you'd think for that much cash they would have smoothed it out but no...

Really we need one opensource client that does NAC posture assessment and installs wifi profiles with minimal need for user interaction, since the market does not seem to want to provide one at any price, nevermind a decent price.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list