08-16-2012 06:48 AM
We currently use RADIUS for wireless authenication for all internal users. We are using a Server 2008 R2 Standard VM for NPS. However, Standard edition limits you to a maximum of 50 RADIUS clients. We could upgrade to Enterprise which has no limit. But not looking to perform an upgrade just yet. So my question is, is there any disadvantages to using LDAP for client authenication (vs RADIUS)?
08-16-2012 06:57 AM
No. To do your existing encryption, you would have to install a supplicant on all of your clients.
If you are thinking long-term you should consider replacing your Win2K server with Clear Pass Policy Manager.
It addresses the biggest concerns with Win2K server like scalability, lack of third-party vendor support, much more granular and flexibile policies, etc. Worth a look : http://www.arubanetworks.com/product/clearpass-pol
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
08-16-2012 06:59 AM
PEAP w/MSCHAP wont work against LDAP. You would have to load an EAP-GTC enabled supplicant (The Windows native supplicant doesnt do EAP-GTC) on each device you wanted to allow on your network.
If you have to upgrade, you might want to consider Aruba ClearPass Policy Manager. It's a full featured RADIUS server and is (IMHO) easier to setup, configure and debug than IAS/NPS (or any other RADIUS vendor's product).
08-16-2012 07:13 AM
Amigopod is now called ClearPass Guest (CPG). ClearPass Policy Manager (CPPM) is different, but they are from the same family. In a few months, CPPM and CPG will merge and run on a unified platform, but today they are separate.
Check with you account team for more details.