Hi, > Oh, it exists. It's called subject_match within a network { } stanza of > wpa_supplicant, and all the Windows supplicants I've seen so far allow you > set your expectations on the server name. It's turned off by default though.
agreed. it is there. however, this puts the security on the client end...and they'll still get a connection with the proper server even if they've ommitted all the checks. this is bad generally - you need to have a way of the server checking that these client settings are enforced. oh well. I guess thats what locked-down desktops, corporate images, GPO pushed settings etc are all for. not handy for supporting the average user. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html