Debian WPA2-Enterprise (Network-manager) 802.1X no prompt for certificate?

J-barnaby asked:

I set up an access point (AP) with PEAP (Freeradius) 802.1X authentication and trying to connect the following:

  • iOS: Automatically provides the certificate to the onscreen user.
  • Windows: Automatically provides the certificate to the onscreen user.
  • Linux: No proposed certificate.

My question is simple, do I have to download the certificate from my Linux client (what I would like to avoid) or are there a setting for the network-manager offers me the certificate automatically?

As I am, I am going up a captive portal (operational for apple and windows for now) and I therefore take this opportunity to ask you to pass: what local domain must be hosted (as msftncsi for Windows) for Linux (or redirect traffic with iptables)?

My answer:

Yes, this is true. Some NetworkManager frontends will silently fail if presented with an unknown or self-signed certificate (such as the ones usually used with FreeRADIUS). Distributing the certificate to affected clients is probably your best bet.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.