PEAP validating a secondary domain suffix

Posted by sam on Server Fault See other posts from Server Fault or by sam
Published on 2012-09-22T17:56:45Z Indexed on 2012/09/25 15:39 UTC
Read the original article Hit count: 312

Filed under:
|
|

Probably the title is a little bit confusing, let me explain the situation.

Our company wants to implement a corporate wireless lan with PEAP authentication. unfortunately someone made a big mistake in our AD design 10 years ago.

The domain name we are using "company.ch" is not owned by company but by someone else. so it is not possible to issue a public SSL certificate for the RADIUS server. Our AD is to big to rename it.

We already thought about using our private PKI and rollout the CA certificate via GPO but that would only cover our corporate managed clients but not the BYOD (Smartphones, Tablets, Laptops..)

Is there a way to add a secondary domain name like “company2.ch” and issue a public certificate and join that radius to that secondary domain aslwell, and configure that secondary dns suffix via DHCP for all the client pools...

or is there another way with for example a new radius server which has his own domain company2.ch which is connected with some kind of trust between the company.ch doamin?

sorry i'am not a client server guy.. hopefully you get my drift.!?

© Server Fault or respective owner

Related posts about wireless

Related posts about radius