We've used NPS since before it was called NPS. We rarely have any issues. Sorta like DHCP- just runs. We do almost everything as 802.1x. It really depends what you're trying to do. Microsoft Event Logs can be used to troubleshoot, but they can be like event logs always are- not fun. Log aggregation systems, help, but when you really need to troubleshoot, I find it easier just to start with a client and track that client through the logs. Once I profile what's happening to a relevant, I can easily see how often the pattern is happening for other users. That doesn't make the logs any more fun though.
If you're doing really fancy things with Radius, you need to be sure it has everything you want. Most of it is there, but getting started will likely be your biggest roadblock, not because it's not heavily documented. Usually though your product vendor will have instructions for it if you don't know what they require. For us, it's been of my least problematic core network services. I'd just be sure you have enough servers and disk space to store your logs and that you either archive them or set them to roll since they can eat disk space if you don't set the logs properly. For larger schools you may have experience scalability issues, but so far we have not. If you use radius for a lot of different products you may find issues, we haven't run into. If you want good stats, or trending, etc, it's probably not the best platform at all for getting that without some effort. Dexter From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Wednesday, November 16, 2016 9:40 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi? Hello to the awesome group. We've used Cisco ACS with general satisfaction for many years as the RADIUS solution for our very, very large WLAN's 802.1X authentication. We also have Aruba Clearpass in-house for guest wireless, and have poked around at ISE a bit. We're weighing replacing our aging ACS environment, but as many of you know times are changing. When you shop for RADIUS, you have to wade through the fog of NAC systems because everything is getting ever more "feature rich". For major vendors, RADIUS is just a slice of NAC now, and since everybody "is a software company!" licensing can be ugly. I'm not slamming those who find value in the many interesting features that the likes of ISE and Clearpass offer, but I also can't help but be drawn to Microsoft NPS when I think about going forward with simple RADIUS. Way back when, we avoided Microsoft in this role as the reporting wasn't particularly strong when it came time to troubleshoot clients. We *may* have found relief to this through Splunk, and also enjoy a robust Windows server environment staffed by absolutely brilliant MS-minded veteran admins. All that being said- is anyone using NPS as their RADIUS solution for a large secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, horror stories, tales of success, etc? (Any vendor reps lurking- no, I'm not open to hearing about other RADIUS solutions. Please, no calls or emails) Kind regards- Lee Badman | CWNE #200 | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu SYRACUSE UNIVERSITY syr.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
