EAP-TLS without Active Directory

Hello, I have a client who provides wireless access to separate entities in the same building. Right now he's using LEAP and the ACS database. Now he would like to move toward EAP-TLS because it's the most secure.

Usually, I install EAP-TLS within an Active Directory and distribute machine certificates via global policy. Now the problem is that his laptops are not in an Active Directory domain because they come from unrelated entities.

My idea was to use a fictional Active Directory just for the database purpose, and download the machine certificate manually via the web (the client gets his hands on each laptop to configure LEAP).

Does anybody have a bright idea to deploy certificates without Active Directory? I think that no matter what, we need a database and a CA.

Thank you for your suggestions.

liolemaire

A simple box with Linux and FreeRADIUS.

Peter

Peter Boosten

You could use Zeroshell, which is a small Linux distribution available as a live CD or compact flash image for embedded devices. This Linux is easy to use because it is web administrable. It includes a certification authority to distribute X.509 certificates and a RADIUS server to authenticate wireless clients using 802.1X (EAP-TLS, PEAP and EAP-TTLS). I am testing it and it appears to be very stable and useful. The best feature, I think, is the captive portal for hotspot web login. Bye

nuzz
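
Added example, not written by any poster in this thread and not Zeroshell's or FreeRADIUS's own code: a minimal OpenSSL-based private CA on a standalone Linux box that issues one client certificate per laptop for EAP-TLS, with no Active Directory involved. The function names, directory layout, subject names, key sizes and validity periods are assumptions.

```shell
#!/bin/sh
# Added example: small private CA for EAP-TLS clients, no Active Directory.
# Directory layout, subject names and validity periods are assumptions.

# init_ca DIR: create the root key and self-signed CA certificate.
init_ca() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Building WLAN
CN = Example WLAN Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF
    # -nodes leaves the CA key unencrypted to keep the demo non-interactive;
    # protect it with a passphrase or keep the CA box offline in production.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1825 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_client DIR NAME P12PASS: key, CSR, signed cert and PKCS#12 bundle
# for one laptop; NAME becomes the certificate CN (the EAP identity).
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/ca.cnf" \
        -extensions client -out "$1/$2.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.pem" \
        -certfile "$1/ca.pem" -passout "pass:$3" -out "$1/$2.p12"
}

# check_client CAFILE CERT: succeeds only if CERT chains to CAFILE and is
# usable as a TLS client certificate (what the RADIUS server will require).
check_client() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}
```

The RADIUS server is configured to trust `ca.pem` for client certificates, and each laptop imports its own `.p12` bundle by hand; a certificate signed by any other CA fails `check_client`.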
