Windows xp wifi stuck validating identity
When you list root CAs from other organizations in the "CA_file", you permit them to masquerade as you, to authenticate your users, and to issue client certificates for EAP-TLS. It is easy enough to distribute certificates using GPOs. Baring that, do your own star certificate (that is signed by a Root CA), you could sign your RADIUS server's certificate with?The disadvantages of the first two options is that it opens your 802.1X scheme up to Mi TM attacks.After payment is complete, users are enabled in the RADIUS database, and can then reconnect to the WPA2-Enterprise SSID to get online.Since I had a hard deadline to get it up and running, it was only tested with Android and i OS, neither of which had any real problem.We're deploying a wireless networking using Windows Server 2008 NAC as a RADIUS server.When Windows XP or 7 clients connect they initally fail to connect.
From a security standpoint the best option is setup a captive portal.
It's not a recommended configuration to have a external root CA sign your RADIUS server's certificate.
This is from the Free RADIUS documentation but I expect it is equal valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.
Then my Windows 10 laptop could not connect (both have connected before).
Only clients that have not disconnect from the network were still able to access it.
In order to enable the client to connect we have to add the network manually and un-check the "Validate server certificate" as shown in the screenshot below.