I'm trying to set up 802.1X Wireless using Configuration Profiles and machine-based auth using root CA certificates.
I decided to create a new Certificate Template in AD-CS based on the one we use for our Windows laptops, but this time with the ‘Service Principal Name’ option checked rather than ‘DNS Name’. I followed the advice here (see last post).
Clients receive a certificate just fine using the profile I created and I see an X509 cert in the Keychain. However, the system still doesn’t connect to our 802.1X network - when looking at the RADIUS server logs, I see connection rejections and suspect this might be because the user name presented is still in the form DOMAIN\hostname$, whereas I believe it should be host/fqdn, as that’s what I see on successful connections from Windows laptops.
I was hoping the new template would ensure the username is presented in the correct form. Does anybody know what I'm missing?