Go with certificates. There is a bit of up-front work, but in the
long run, it is the best option if you cannot do static IP
addresses. I was "scared" of certs when I just started with Radmind,
but they really aren't that bad.
The key thing to remember about certificates is that you do not need
to do one for every individual machine. You just need to do one for
each "type" of machine. So, if you have 30 computers in a lab that
all do the same thing, have the same software, etc, that's only 1
certificate, not 30.
Some other notes on certs that might be helpful:
When you create the Certificate Authority, give it a LONG duration.
You don't want to have your CA expire in a year's time rendering all
of your certificates useless. (Been there.) I think I used 10 years
on my current CA.
For the server, create the certificate where the Common Name is the
fully-qualified domain name of the server. Then, always use the FQDN
when running the Radmind utilities so that they match.
For the groups of machines, assigned the Common Name to be the name
or type of the group of machines (ScannerStations, Kiosks,
Don't forget to renew your certificated before they expire. If you
do it far enough in advance, you can easily use Radmind to put the
updated cert onto the machines for you. I'm planning on renewing
mine shortly, even though they don't expire for 6 months!
-David J. Blezard
Academic Computing Systems
University of New Hampshire
On Nov 29, 2006, at 12:41 PM, Jason Bennett wrote:
> Hello all,
> I've been playing with Radmind and I love the idea and my little
> test setup was working great (until I messed with too many settings
> and it broke). However, I'm at a loss on how to implement this at
> a school or district level. We have about 1,600 computers across
> 13 buildings that I'd like to manage. My problem is with the
> The way I see it, we have three options:
> 1. Static IP - This would take forever to implement and maintain to
> start. We're now getting into teacher laptops that are brought
> home and off the network which would be another hassle with static
> 2. Hostname - If I could get it working with a .local hostname, I'd
> be set... but this isn't working and I haven't seen anything
> mentioned on it before. We have Windows 2003 for DNS, but our macs
> don't have a hostname on our domain. I'm rather ignorant with DNS
> and willing to learn, but I haven't found much on macs and DNS and
> pretty much nothing in regards to radmind.
> 3. Certificates - This seems like it'd be as much of a hassle as
> static IPs. I have also been unable to create a certificate yet.
> I just wish it would work with the computer's name or active
> directory name... Then I'd be in business.
> I'd just like to know if anyone has any suggestions on implementing
> radmind in this environment. Are most people using static ip,
> hostname, or certificates?
> Sorry if I sound like an idiot, I'm still rather new at this and
> I'm learning as I go.
> Jason Bennett
> New Lenox School District 122
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to
> share your
> opinions on IT & business topics through brief surveys - and earn cash
> Radmind-users mailing list