Windows (7) Machine Certificates (Half Domain).
lists at aarcane.org
Sat Oct 15 04:17:25 CEST 2011
I've got a handful of windows clients. I'm most concerned about the
Windows 7 machines, but there are a few Vista, and even an XP client. I
want to deploy "Machine account certificates" for wifi authentication,
so machines will be able to connect to the network BEFORE the user logs
on (mainly for accessing remote shares), but only some of these machines
are connected to the local DOMAIN (Samba 3, not overly relevant I don't
think). What I would like to know is what should, or must, or what have
you, the CN or DN attribute on the certificates for these systems look
like to be used for machine authentication. I've tried just placing
certificates with cn=hostname,... to the certificate store for the
machine account, but they're never used, and the machine complains about
not having a certificate when I try t connect to wifi.
Also, most of these machines are wifi, though I plan to deploy radius on
the switch soon (once the machine auth with wifi is working).
I know this is a little off topic, but as it all relates to radius, I
hope someone here will know the proper answer(s) or where to find clear
concise documentation explaining this.
More information about the Freeradius-Users