Not trying to sway you from your intended design but we use IAS on a machine that is a member of the domain and everything just works. IAS is free and is just a service you can enable on any windows server. If it is a member of the domain it is all seamless. It also has allowed us to authenticate the "machine accounts" so when domained machines boot up, even before user logon, the "machine" is able to get on so our sysadmins can see and manage them, push policy at machine and user login in time, etc, etc. the login flips to the user credentials once they ctrl-alt-delete and login with valid domain credentials. AND you can even accommodate for non-domain users by creating just their accounts locally on whatever machine is running IAS.
I would be happy to share more details of this if you're interested. -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Philippe Hanset Sent: Tuesday, August 26, 2008 10:06 AM To: [email protected] Subject: [WIRELESS-LAN] EAP-PEAP, RADIATOR, AD ? All, We want to move to EAP-PEAP instead of EAP-TTLS (secure W2), and try to use the built-in client in Vista and XP. We use RADIATOR for RADIUS and have two identical back end directories: LDAP and Active Directory. Considering the hashing issue that MSchapV2 introduces we want to authenticate against AD. But our AD admin is giving us a hard time. He wants us to join his domain and do NTSM/Kerberos. This involes a lot of SAMBA and I'm more of a Tango guy! Is there a better way with UNIX Based RADIUS (RADIATOR in our case)? Thank you in advance, Philippe ---------------------------------- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services 108 James D Hoskins Library 1400 Cumberland Ave Knoxville, TN 37996 Tel: 1-865-9746555 ---------------------------------- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
