802.1x Wi-Fi with FreeIPA workstation certificates
Goal
Make FreeIPA-joined workstations be able to authenticate to Enterprise Wi-Fi.
- Theory
- Prerequisites
- Certificate profile
- Configure client
- FreeRADIUS: Join FreeIPA
- FreeRADIUS: Install
- FreeRADIUS: create files
- FreeRADIUS: wifi server
- FreeRADIUS: eap_wifi
- FreeRADIUS: issue server certificates
- FreeRADIUS: configure AP clients
- FreeRADIUS: run debug mode
- Connect client
- FreeRADIUS: Check certificate EKUs
- FreeRADIUS: Check against LDAP
- Extra: Add VLAN IDs per AP
- Extra: Forward to AD NPS (unfinished)