[Samba] samba AD trusted certificate for RADIUS server (MS PKI, for example AD CS)
lists at merit.unu.edu
Tue Nov 10 10:51:42 UTC 2020
We are running a 3 DC samba AD domain, and use 802.1x authentication for
the win10 workstations to access the wired network.
We are facing the issue where, following windows updates, our windows
clients keep changing back the 802.1x settings to the windows default,
namely: to verify the server identity and do computer authentication only.
The latter is no problem, but the first one (verify server identity)
breaks the config, as our radius server does not run with a certificate
that is trusted by our domain joined win10 clients.
It was suggested to us to issue a trusted certificate to our 802.1x
radius server, for example from a MS PKI for example AD CS.
This is new territory for us. Therefore I'm asking here: did anyone
happen to keep notes for a configuration like that?
Perhaps we are not the only ones, who want to secure a radius server
with a AD trusted certificate?
Searching the samba archives does not help much.
More information about the samba