PEAP validating a secondary domain suffix
Posted
by
sam
on Server Fault
See other posts from Server Fault
or by sam
Published on 2012-09-22T17:56:45Z
Indexed on
2012/09/25
15:39 UTC
Read the original article
Hit count: 312
Probably the title is a little bit confusing, let me explain the situation.
Our company wants to implement a corporate wireless lan with PEAP authentication. unfortunately someone made a big mistake in our AD design 10 years ago.
The domain name we are using "company.ch" is not owned by company but by someone else. so it is not possible to issue a public SSL certificate for the RADIUS server. Our AD is to big to rename it.
We already thought about using our private PKI and rollout the CA certificate via GPO but that would only cover our corporate managed clients but not the BYOD (Smartphones, Tablets, Laptops..)
Is there a way to add a secondary domain name like “company2.ch” and issue a public certificate and join that radius to that secondary domain aslwell, and configure that secondary dns suffix via DHCP for all the client pools...
or is there another way with for example a new radius server which has his own domain company2.ch which is connected with some kind of trust between the company.ch doamin?
sorry i'am not a client server guy.. hopefully you get my drift.!?
© Server Fault or respective owner