We currently use multiple Microsoft 2008R2 Servers NIPs Functionality (aka IAS/Radius) to authenticate our Machines and users against AD using 802.11x. We have 8 AD forests/domains and currently have multiple NIPs servers pairs in each forest/domain.
We are looking to rationalize the number of NIPS servers down to basically 1 pair which can service all forests /domains, ie we want the NIPs servers to do AD/LDAP lookups across the various domains to validate the machine and user credentials without having to have NIPs/IAS/Radius server in each forest/domain..
Has anyone done this ? Is it actually possible ?