Getting EAP+TLS from a Windows domain
I'm currently trying to set up Linux laptops to be a part of a Windows 2003 domain. This is a potential cost-saving measure that, if it works, will result in something like 1000 laptops getting an upgrade from Windows XP to the current version of Debian (Debian because I'm the only Linux geek in the IT department and I use Debian so I'm sticking with what I know) instead of being retired.
I have my test machine joined to and logging into the domain so long as it's plugged into the wired network. Here's the tricky part: our wireless system uses WPA EAP+TLS. That, in itself, is not tricky as I know how to set that up through Network Manager already and I suspect it's not much different if I have to go to wicd. The tricky part is that the domain controller hands out the appropriate certificates automatically whenever a Windows machine joins the domain and even our network manager is not sure how to pull one manually without using Windows-only utilities. For this little project to be successful all of this sort of config stuff needs to be at least as transparent for Linux as it is for Windows.
If I can get these certificates to the machines from the domain controller I'm confident I can write the scripting to do the rest, but getting the certificates to begin with has me baffled. Can someone tell me how to request a certificate from a Windows domain?