Olivia
Online
Beamflash Networks
@beamflash
Consumer of fine internet products. Cognitive spendthrift. Infrastructural pet coddler. He/Him.
@[email protected]
Perth, Australia
Joined January 2010
283 Following
178 Followers
2.5K Posts
@merill Wouldn't it make sense for them to be using passkeys in Authenticator instead of synced passkeys?
@NathanMcNulty Of course A5 gets nothing again
@patio11 Factoring
@kamilkazani https://t.co/0PerIM81az
@MyNameIsMurray @freeradius A bigger problem is that Intune can and not infrequently did take half an hour to provision a certificate, it was easily the biggest bottleneck in return to service when replacing a device.
@MyNameIsMurray @freeradius We reset passwords and logged in as students during provisioning. Bonus points in that when they change their password later, the cert still works fine. That's a choice though, and I agree that in an ideal world you'd be able to provision a user cert without wires/onboarding SSID
@MyNameIsMurray @freeradius Same SSID, using Intune as the MDM. You just have one policy set to user and computer authentication. @jabbrwcky and I worked it out, he blogged it at https://t.co/zNLpAXCHYI
@MyNameIsMurray @freeradius I would argue that accepting the one-time pain of Ethernet onboarding is worth it vs ongoing disabling of credential guard and MFA for EAP-TTLS/PAP. And you can have different user vs device policies with EAP-TLS.
@MyNameIsMurray @freeradius The missing piece is the device trying TEAP but not having a user certificate yet, only ISE and ClearPass can handle that case which is needed for onboarding. Standard EAP-TLS with device or user certificate only does work once you onboard via Ethernet, and I've done it in prod
@MyNameIsMurray @freeradius Working link https://t.co/2ixyJsfoml (the W got capitalised somehow in my previous link)
@MyNameIsMurray @freeradius Yes, that's the thing, it's technically non-standard and only implemented by ClearPass and ISE. Mist, Extreme and FreeRADIUS don't do it, they only implement RFC standard TEAP (device and user chained TLS cert auth success).
@freeradius @MyNameIsMurray I must have misunderstood it or the mailing list when I read them a few months ago. Could it be an implementation decision to send success with different attributes if the supplicant only sends one certificate?
@MyNameIsMurray @freeradius Sure, but that relies on the RADIUS server providing success with machine pass/user fail, otherwise with no user certificate the user gets dropped to desktop with no connectivity and no way to get a certificate
https://t.co/kHiSZrv89k
@MyNameIsMurray But don't let that stop you from doing TEAP right now, just be aware that you'll need to do first login wired or with an onboarding wifi network for the user to get their certificate
@MyNameIsMurray The RFC standard version of TEAP doesn't cover device pass/user fail, and FreeRADIUS is a stickler for RFC compliance. There is an updated RFC in the works that allows for it.
https://t.co/sZhCftvGSX
@MyNameIsMurray FreeRADIUS can't do device success/user fail for TEAP, which is what your want for onboarding. So far only ISE and ClearPass do it.
@patio11 That statement is giving me real https://t.co/OBakIOlppK vibes
@rucam365 I think the biggest hassle to doing it securely is how to manage them securely, what needs to be done to isolate them from regular Intune admins? Other replies note that VDI/AVD/W365 meets the user desktop need.
Last Seen Users on Sotwe
hijablover069
Seen from United States
yunβ¨
Seen from Indonesia
BBC in Public
Seen from United States
Tits n Bits
Seen from Turkey
Iris Tan
Seen from Indonesia
Fuck my mom
Seen from Algeria
stw_addicted
Seen from Indonesia
Em! ΝβΊ 
Seen from United Kingdom
Cuckold
Seen from Turkey
Cokil kuy
Seen from Indonesia
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers