Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

I only use NPS for Cisco RADIUS auth. Otherwise, all of our authentication hits Extreme NAC (uses FreeRADIUS as a backend). I dislike NPS very much. *--Jeremy L. Gibbs* Sr. Network Engineer Utica College IITS On Wed, Nov 16, 2016 at 3:29 PM, Mike Atkins wrote: > Bruce, > >

RE: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Thanks, Phillipe. For a number of reasons we’re trying to steer away from open source on this. Lee Badman | CWNE #200 | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e

RE: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Lee, We use Microsoft NPS for radius on dot1x wireless (ND-secure & eduroam.) Troubleshooting and getting debug information has been very difficult. Finding a deployment guide on expected performance/load is also impossible to find. I think configuration is absolutely key. My impression is

Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

?Mike Regarding the Troubleshooting and debug challenges with NPS are you exporting the MS events to a log collector or using the server's native event viewer? How useful have you found the PerfMon RADIUS metrics? |Bruce Boardman, Network Engineer, Syracuse University - 315 412-4156

RE: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Bruce, We are using Microsoft Event log view for NPS/security and are also exporting security logs daily to another system that we built to massage the information in order to get stats and summarize errors. We have Microsoft System Center that I believe can be expanded to do additional

Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Yeah- thanks, Phillipe. I knew I wasn't phrasing that quite right, typed it as I was flying out the door earlier.? -Lee From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Philippe Hanset

Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Lee, Radiator is not open source (you can buy support) but it works more smoothly on Unix (you can operate it on Windows). Philippe > On Nov 16, 2016, at 4:34 PM, Lee H Badman wrote: > > Thanks, Phillipe. For a number of reasons we’re trying to steer away from > open

RE: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

We've used NPS since before it was called NPS. We rarely have any issues. Sorta like DHCP- just runs. We do almost everything as 802.1x. It really depends what you're trying to do. Microsoft Event Logs can be used to troubleshoot, but they can be like event logs always are- not fun.

Re: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

We have migrated our ACS servers to FreeRADIUS with success. We looked into NPS and the roadblock was the realm suffix stripping. We need to strip username d...@uoguelph.ca to just 'dxu' before authenticate with active directory. NPS only strips the outer PEAP identity but not inner identity.

RE: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Thanks, Dennis! Lee Badman | CWNE #200 | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu w its.syr.edu SYRACUSE UNIVERSITY syr.edu From: The EDUCAUSE

Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Lee, Not speaking from using NPS but from having to help Institutions using NPS: It is a very “stiff” environment, and Microsoft does not want to listen to the eduroam community’s requests (not just US, but worldwide) No REALM stripping No Server Status (that one is killing us. We have to

Re: Microsoft NPS as RADIUS for 802.1X Wi-Fi?

Ditto. But technically we use PacketFence which uses FreeRADIUS under the hood. We had the same realm stripping problem with ISE 2-3 yrs. ago. We use realm stripping internally as well as when proxying externally. I understand the external realm stripping was fixed long ago. Not sure if