If you do go this route, make sure you document for CYA purposes.
From a security standpoint the best option is setup a captive portal.
YOu could either uncheck Validate Server Certificate to avoid this, or you could export your AD Root certificate from a server or domain joined computer (in Certificates snap-in - Trusted Root Certification Authority - right click - export), and then in you computer - Certificates snap-in - trusted root certification authority - right click and import.
I am trying to sign on to an existing internet connection from my XP.
It's not a recommended configuration to have a external root CA sign your RADIUS server's certificate.
This is from the Free RADIUS documentation but I expect it is equal valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.
Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Specs ***** Router: Tplink wireless router TL-MR3420 Laptop: OS windows XP Home Thank you Suply "The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years.
This is the first time I have tried to attach to this internet connection from this laptop.
It is a secure network but I was never asked for the ID info.
I could conceivably build my own RADIUS server and intercept your user's AD credentials.
Not an ideal setup but your department will need to do the risk analysis.