[EXTERNAL] Re: Machine authentication with client certificate to Samba DC
Tim ODriscoll
tim.odriscoll at lambrookschool.co.uk
Thu Mar 30 14:12:20 UTC 2023
> If I deploy my FR CA to the client devices along with the WiFi profile pointing to that CA, surely the client devices will only connect to legitimate APs as the certificate will match the pre-installed FR CA?
Answering my own question here (I think):
This link's explanation of the PEAP protocol tells me that I if I just deploy the FR CA cert to the client machines and set the GPO to validate the WiFi connection with it, then the client shouldn't connect to any rogue AP's:
https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol#PEAPv0_with_EAP-MSCHAPv2
I think I'll do that tomorrow!
Thank you
Tim
More information about the Freeradius-Users
mailing list