Hi, the guest provisioners in my company are still authenticating using a local account in CP. I really would like to move forward and enhance the security by having them using their companies AD account, based on PEAP-MSCHAPv2.
I recently upgraded to the latest 6.6 version and read through the deployment and user guide docs, but I did not see the so called external auth. option which seemed to be there in older code.
My questions are:
- Will this option return in a near future code? Is it on the road map?
- If not, CP can do LDAP direclty into AD using TCACS only. Documentation states that CP system has to be domain joined, correct?
- How to have the auth request send to CP, passthrough towards NPS to authenticate the AD user? Maybe this sound weird but cusomter does have reasons not to have CP authenticate directly to AD.
Any documentation which describes this setup or real life experience?
btw, I'm aware CP is TACACS+ and NPS is RADIUS. Just trying to get it working based on companies policy and request.