Windows xp connecting to wireless network validating identity
Students can use their BYOD devices to connect and reach the portal, pass their user authentication credentials to the portal and the portal can then talk to the RADIUS server.Eduroam is another popular choice for educational organizations.Visit Stack Exchange We're deploying a wireless networking using Windows Server 2008 NAC as a RADIUS server.When Windows XP or 7 clients connect they initally fail to connect.
I have never had a problem connecting to wireless networks with Windows XP until just the past year it seems.
It's not a recommended configuration to have a external root CA sign your RADIUS server's certificate.
This is from the Free RADIUS documentation but I expect it is equal valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.
When you list root CAs from other organizations in the "CA_file", you permit them to masquerade as you, to authenticate your users, and to issue client certificates for EAP-TLS. It is easy enough to distribute certificates using GPOs. Baring that, do your own star certificate (that is signed by a Root CA), you could sign your RADIUS server's certificate with?
The disadvantages of the first two options is that it opens your 802.1X scheme up to Mi TM attacks.