Hi,
Setup: clients use a certificate to authenticate to the Wi-Fi.
We use Central, which currently passes authentication requests to a Windows NPS. Works, not an issue.
Due to Microsoft pushing strict enforcement of an SID in the certificates (KB5014754), we're facing a challenge. Either we change every user certificate (takes some time), or, for a limited time, we look for a workaround.
On a controller-based setup, you can terminate EAP-TLS requests on the controller itself. Basically, that's saying if you have a valid certificate, that's fine.
This is not possible in Central. I checked on the NPS level; it's not possible to disable strict enforcement there. I played around with a few settings, but currently I don't think we can bypass this issue on the NPS level.
I was wondering, do we have a possible workaround with ClearPass? In ClearPass you can set up a RADIUS service, which finally validates users via LDAP (port 389) to a domain controller. That's basically the same thing we do with Fortinets for VPN users. We know this last one does not suffer from this issue.
Maybe it's also possible to terminate the request on ClearPass itself?
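To see which user certificates will fail once NPS is in full enforcement, it helps to check for the SID extension KB5014754 introduced (OID 1.3.6.1.4.1.311.25.2, carrying the account's objectSid). The following is an added example, not code from the original post, from Aruba or from Microsoft: a stdlib-only Python helper that builds and parses that extension's DER value and emulates the "certificate SID must match the account's objectSid" check; the sample SID is constructed, and the `extensions` dict (OID string to raw DER value) is an assumed shape you would fill from your certificate parser.

```python
# Minimal DER helpers (stdlib only) for Microsoft's SID certificate extension.
SID_EXT_OID = "1.3.6.1.4.1.311.25.2"                    # szOID_NTDS_CA_SECURITY_EXT
SID_OTHERNAME_OID_DER = bytes.fromhex("2b060104018237190201")  # 1.3.6.1.4.1.311.25.2.1

def _tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value; long-form length above 127 bytes."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def build_sid_extension(sid: str) -> bytes:
    """DER value of the extension as an enterprise CA embeds it:
    SEQUENCE { [0] { OID 1.3.6.1.4.1.311.25.2.1, [0] { OCTET STRING sid } } }"""
    other = _tlv(0x06, SID_OTHERNAME_OID_DER) + _tlv(0xA0, _tlv(0x04, sid.encode()))
    return _tlv(0x30, _tlv(0xA0, other))

def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos; return (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def extract_sid(ext_value: bytes):
    """Return the SID string from an extension value, or None if malformed."""
    try:
        tag, seq, _ = _read_tlv(ext_value, 0)
        if tag != 0x30: return None
        tag, other, _ = _read_tlv(seq, 0)
        if tag != 0xA0: return None
        tag, oid, pos = _read_tlv(other, 0)
        if tag != 0x06 or oid != SID_OTHERNAME_OID_DER: return None
        tag, inner, _ = _read_tlv(other, pos)
        if tag != 0xA0: return None
        tag, sid, _ = _read_tlv(inner, 0)
        return sid.decode() if tag == 0x04 else None
    except (IndexError, UnicodeDecodeError):
        return None

def strong_mapping_ok(extensions: dict, ldap_object_sid: str) -> bool:
    """Emulate full enforcement: the cert must carry the SID extension and it
    must equal the account's objectSid read from the domain controller."""
    raw = extensions.get(SID_EXT_OID)
    return raw is not None and extract_sid(raw) == ldap_object_sid

# Constructed sample: a certificate issued before the KB has no SID extension.
OLD_CERT_EXTS = {}
NEW_CERT_EXTS = {SID_EXT_OID: build_sid_extension("S-1-5-21-1-2-3-1105")}
```

Certificates for which `strong_mapping_ok` returns False are the ones to reissue first; a certificate whose SID is present but does not match the account is rejected just like one with no extension.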