02-17-2014, 11:48 AM   #1
sisk
Getting EAP+TLS from a Windows domain


I'm currently trying to set up Linux laptops to be a part of a Windows 2003 domain. This is a potential cost-saving measure that, if it works, will result in something like 1000 laptops getting an upgrade from Windows XP to the current version of Debian (Debian because I'm the only Linux geek in the IT department and I use Debian so I'm sticking with what I know) instead of being retired.

I have my test machine joined to and logging into the domain so long as it's plugged into the wired network. Here's the tricky part: our wireless system uses WPA EAP+TLS. That, in itself, is not tricky as I know how to set that up through Network Manager already and I suspect it's not much different if I have to go to wicd. The tricky part is that the domain controller hands out the appropriate certificates automatically whenever a Windows machine joins the domain and even our network manager is not sure how to pull one manually without using Windows-only utilities. For this little project to be successful all of this sort of config stuff needs to be at least as transparent for Linux as it is for Windows.

If I can get these certificates to the machines from the domain controller I'm confident I can write the scripting to do the rest, but getting the certificates to begin with has me baffled. Can someone tell me how to request a certificate from a Windows domain?
 
02-18-2014, 01:52 PM   #2
Ser Olmy
The Windows autoenrollment mechanism relies heavily on Group Policy settings. Since there are no Group Policy Client Extensions for Linux, I doubt you could make this work. Also, the certificate is issued to the AD computer account, and unless you configure Samba in "adc" mode, no computer account will exist in AD for a Linux client.

Have you considered switching to EAP-TTLS? If your hardware and software support this EAP authentication mode, you'll only need a certificate on the server side.
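
The difference between the two modes discussed in this thread, as an added example that is not part of either post: a small Python check over wpa_supplicant network blocks that flags an EAP-TLS block lacking the client certificate and key, and an EAP-TTLS block that does not validate the server. The required-field sets are a subset chosen for this example, and the SSIDs, paths and names in the sample are constructed.

```python
import re
# Fields each EAP method needs in a wpa_supplicant network block.
REQUIRED = {
    "TLS": {"identity", "ca_cert", "client_cert", "private_key"},  # client has its own cert + key
    "TTLS": {"identity", "ca_cert", "password"},  # only the server has a cert
}
# Any one of these pins the RADIUS server's name, not just its issuing CA.
NAME_PINS = {"domain_suffix_match", "domain_match", "subject_match", "altsubject_match"}

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    blocks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                fields[key.strip()] = value.strip().strip('"')
        blocks.append(fields)
    return blocks

def lint(text):
    """Return (ssid, problem) pairs for each incomplete EAP block."""
    problems = []
    for net in parse_networks(text):
        ssid, present = net.get("ssid", "?"), set(net)
        for method in sorted(set(net.get("eap", "").upper().split()) & set(REQUIRED)):
            for key in sorted(REQUIRED[method] - present):
                problems.append((ssid, f"{method}: missing {key}"))
            if not NAME_PINS & present:
                problems.append((ssid, f"{method}: server name not pinned"))
    return problems

# Constructed sample: hypothetical SSIDs, paths and names, not from the thread.
SAMPLE = """
network={
    ssid="corp-tls"
    eap=TLS
    identity="host/laptop01.example.test"
    ca_cert="/etc/ssl/corp/ca.pem"
    domain_suffix_match="radius.example.test"
}
network={
    ssid="corp-ttls"
    eap=TTLS
    identity="jdoe"
    password="placeholder"
}
"""
if __name__ == "__main__": print(*lint(SAMPLE), sep="\n")
```

Without `ca_cert` and a name pin, an EAP-TTLS client will hand its tunnelled password to any access point that presents a certificate, so a scripted rollout should reject such a block before it reaches the laptops.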
 
  

