802.1X and WPA authentication and certificates can be provisioned by NoTouch Center
In this article, network authentication means any mechanism that must complete before a device can access the network, get an IP address, or communicate with other machines. For most people, network authentication means IEEE 802.1X on Ethernet/wired networks and WPA2 on wireless networks.
NoTouch supports these main ways to configure network authentication:
- Wireless LAN/WiFi wireless authentication
- Ethernet IEEE 802.1X wired authentication
- Unlimited configuration of the backend for either Ethernet or wireless
Certificates
Some authentication methods require different types of certificates. Certificate files must be present locally on the device. While the client displays an option box, in NoTouch Center you have to type in the file name. For the file to be available, you must upload it to the client.
There is an article dedicated to all aspects of this: Certificate management in NoTouch
Testing
You will have to reboot for the new configuration to take effect. We strongly recommend working directly at the client rather than using remote login or central management, because it is too easy to lock yourself out. In most cases working locally is a must anyway, because how would you use remote login when the device doesn't have networking yet?
In the client's configuration menu, select "Debug information" from the "Diagnostic" section, then select "System Log" and scroll down as far as needed. The output of the wpa_supplicant program will be there. Alternatively, you can open a "Console" (also from the "Diagnostic" section) and type in the command logread.
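An added example (not part of the original article or of NoTouch itself): a shell function that condenses the wpa_supplicant lines of the system log into one verdict per interface, so that a rejected server certificate stands out from a plain EAP failure. It assumes the usual syslog layout with wpa_supplicant's standard CTRL-EVENT messages and that grep and awk are available; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads a system log on stdin, prints "<iface> <state> <note>".
# Assumed use on the client console: logread | wpa_auth_summary
wpa_auth_summary() {
    grep 'wpa_supplicant' | awk '
    {
        ev = ""
        # Find the "<iface>: CTRL-EVENT-..." pair that wpa_supplicant logs.
        for (i = 2; i <= NF; i++)
            if ($i ~ /^CTRL-EVENT-/) { ev = $i; iface = $(i-1); break }
        if (ev == "") next
        sub(/:$/, "", iface)
        if (iface ~ /^wpa_supplicant/) iface = "-"   # no interface prefix logged
        if (!(iface in state)) { order[++n] = iface; state[iface] = "UNKNOWN"; note[iface] = "-" }

        # A new EAP attempt resets the note; later events overwrite the state.
        if (ev == "CTRL-EVENT-EAP-STARTED")             { state[iface] = "IN-PROGRESS"; note[iface] = "-" }
        else if (ev == "CTRL-EVENT-EAP-TLS-CERT-ERROR") note[iface] = "server-cert-rejected"
        else if (ev == "CTRL-EVENT-EAP-SUCCESS")        state[iface] = "EAP-OK"
        else if (ev == "CTRL-EVENT-EAP-FAILURE")        state[iface] = "EAP-FAILED"
        else if (ev == "CTRL-EVENT-CONNECTED")          state[iface] = "CONNECTED"
        else if (ev == "CTRL-EVENT-DISCONNECTED")       state[iface] = "DISCONNECTED"
    }
    END { for (k = 1; k <= n; k++) print order[k], state[order[k]], note[order[k]] }'
}

# Constructed sample lines (not captured from a real device).
sample_log() {
    cat <<'EOF'
Jan  1 00:00:10 client daemon.notice wpa_supplicant[812]: eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
Jan  1 00:00:10 client daemon.notice wpa_supplicant[812]: eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Jan  1 00:00:11 client daemon.notice wpa_supplicant[812]: eth0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='CN=radius.example' err='unable to get local issuer certificate'
Jan  1 00:00:11 client daemon.notice wpa_supplicant[812]: eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Jan  1 00:00:12 client daemon.info dhcpcd[901]: wlan0: waiting for carrier
Jan  1 00:00:14 client daemon.notice wpa_supplicant[820]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
Jan  1 00:00:15 client daemon.notice wpa_supplicant[820]: wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Jan  1 00:00:15 client daemon.notice wpa_supplicant[820]: wlan0: CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:01 completed [id=0 id_str=]
EOF
}

# Demo run on the constructed sample.
sample_log | wpa_auth_summary
```

A "server-cert-rejected" note next to EAP-FAILED points at the CA certificate file configured on the client rather than at the user credentials.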
Rollout considerations
You certainly do not want to preconfigure each individual device before use. There are some situations where you may have to touch each individual device first, such as when using static IP addresses or having individual client certificates per machine. While we generally recommend avoiding such complexity, we understand that you have your reasons for doing so.
The easiest way would be to configure one device, fetch the configuration, put it on a USB or CD-ROM drive, and then have this initial configuration applied to all devices that will be repurposed/installed. Please read on here for more information:
Another scenario would be to set up an unprotected LAN and configure your devices there, by having them connect to NoTouch Center and fetch the configuration, and then transfer them over to the final LAN (which could mean physical transfer or a change of VLANs).