Re: [WIRELESS-LAN] PEAP/MSCHAPv2 + Active Directory recommendations

[Jim Kieley]

Something to at least be aware of:

We have the older ACS 1113 running the most recent 4.x version of the 
software.  This model was EOL'd last August and can't run the 5.x 
software which is shipped with the more recent model appliances and 
comprises the VM version.  4.x and 5.x take very different approaches.  
There is some functionality in 4.x which is not part of 5.x as of yet, 
but I believe the newer model can be downgraded to 4.x if 4.x 
functionality is required. 

Lee H Badman wrote:
Yep- rock solid and reliable. Great logging, easy interface- it just works. I 
can be a bit hard to please, but can't really say anything bad about ACS.


-Lee Badman
________________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[wireless-...@listserv.educause.edu] On Behalf Of Brzoskowski, Anthony P 
[brzos...@uwp.edu]
Sent: Saturday, March 06, 2010 4:23 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] PEAP/MSCHAPv2 + Active Directory recommendations

Has anyone had any experience with Cisco ACS? We are looking at deploying this 
as our solution tied to AD.

Thanks,

Tony Brzoskowski
IS Network Services Specialist
University of Wisconsin-Parkside
brzos...@uwp.edu<mailto:brzos...@uwp.edu>
262.595.2629
[cid:image001.png@01CABD40.EBFE5230]<http://www.facebook.com/tobrz>  
[cid:image002.png@01CABD40.EBFE5230] <http://www.linkedin.com/pub/7/38b/359>   
[cid:image003.png@01CABD40.EBFE5230] <http://twitter.com/uwp_cts>

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Ryan Holland
Sent: Thursday, March 04, 2010 12:57 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] PEAP/MSCHAPv2 + Active Directory recommendations

We currently have an 802.1X environment using PEAP/MSCHAPv2 to Steel-Belted 
radius. SBR queries SQL for user credential validation. We are (thankfully) 
migrating away from SQL to an Active Directory solution. I have been told by 
Juniper that we will be unable to search/query for additional attributes in AD 
since we are using MSCHAPv2; I'm told that PAP (clear text passwords) must be 
used in order to use the ldap auth to BIND to AD.

Being that we need to be able to query for additional attributes, I am 
inquiring what other institutions are doing.

If you are using both PEAP/MSCHAPv2 and Active Directory, I would appreciate 
you taking a moment to share how you are set up. Feel free to respond off list 
as well.

Many thanks!

==========
Ryan Holland
Network Engineer, Wireless
Office of the Chief Information Officer
The Ohio State University
614-292-9906   holland....@osu.edu<mailto:holland....@osu.edu>

********** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.
  


--
Jim Kieley
Chief Technology Officer
Loyola Law School
Email: jim.kie...@lls.edu
Phone: (213) 736-1470
FAX: (213) 380-3769 

**********
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.