Working on a wireless deployment for a client... wanted to get updated on what the latest best practices are for enterprise wireless.
Right now, I've got the corporate SSID integeatred with AD authentication on the back end via RADIUS.
Would like to implement certificates in addition to the user based authentcation so we have some level of dual factor authentcation.
If a machine is lost, I don't want a certificate to allow an unauthorized user access to a wireless network. I also don't want poorly managed AD credentials (written on a sticky note, for example) opening up the network to an unathorized user either... is it possible to do an AND condition, so that both are required to get access to a wireless network?