Anyone roll out WAP2 802.1x with support only for EAP-GTC ( and forgetting about MSCHAP ?) and are happy about it ?
- MSCHAP for us is looking like too big of a hurlte...
- Wanting to use MSCHAP because of windows native support
The EAP-GTC works just fine, It's just client support can be tricky at times.
There are quite a number of users that use GTC because they have LDAP and they want to do encryption. This involves using EAP-GTC as the inner EAP type and installing a GTC supplicant like Odyssey or SecureW2 on clients. Most of these users are in higher education. One of your biggest issues is training your helpdesk to install and troubleshoot these clients.
If you wanted to allow users to use their native supplicant and do EAP-MSChapV2, you would have to make sure that your LDAP tree or structure uses passwords that are in cleartext or NTLM-hashed (http://deployingradius.com/documents/protocols/com