Our current Wi-Fi infrastructure is based on a Debian box that hosts FreeRADIUS with an LDAP backend. Currently we have two 802.1x-protected SSIDs, a public and a private network: depending on an LDAP attribute, a user can connect to the first or to the second network.
Since our FreeRADIUS has a self-signed certificate, we are having some trouble with Windows 7 clients, which need the server certificate installed to perform the connection: this is a bit annoying, especially for the public network, because we need to set up every PC that comes in.
I was wondering if there is a way (other than buying a commercial certificate for FreeRADIUS; sadly, I read at [ http://wiki.freeradius.org/guide/Certificate-Compatibility ] that Windows clients do not accept wildcard certificates, which we already have...) to make clients accept that certificate more easily: could a workaround be logging in through a captive portal? Is it possible to set up a captive portal only for the public network?