Cisco ACS as RADIUS with an LDAP back-end is a problem. At least it's been driving me nuts and if anyone finds an easy solution I'll be glad to hear it. LDAP doesn't provide the authentication channel that standard EAP and PEAP use, so you're stuck with a protocol that isn't supported by Windows out of the box. The only practical solution I've heard of is to use TTLS (proprietary, tunneled TLS) and use the Secure-W2 client. Also, Cisco ACS didn't support TTLS until recently--at least I think I saw support for TTLS in the release notes for the latest version.

Thanks,
John

________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of David Blahut
Sent: Wed 12/23/2009 2:24 PM
To: [email protected]
Subject: [WIRELESS-LAN] Encryption and Authentication

Greetings,

We are beginning to deploy encrypted wireless and I am looking for some words of wisdom. Mainly what method you used and what reasons as to why you chose said method or any reason you wish you had not. We have looked at many of the different flavors of EAP but are unsure of any clear advantage of one over the other. We are a Cisco LWAPP shop with Cisco ACS playing the role of RADIUS with open LDAP in the back-end.

Any advice would be helpful; anything to look out for, any gotchas, any show stoppers, and any success stories.

Thanks,
David

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
