Here's the backdrop for my questions: For 802.1x authentication on the WLAN, we use PEAP w/ MS-CHAPv2, against our AD environment. This works wonderfully and always has.
The rub- we have a set of users not in AD- they are in our ED (LDAP). I'll thank you not to ask why. These LDAP credential folk cannot use the 802.1x setup as it is, as they are not in AD. LDAP lookups aren't possible because PEAP w /MS-CHAPv2 doesn't work with LDAP. Potential options: - add support for TTLS/PAP against LDAP on a new SSID (yuck) - add support for TTLS/PAP on current SSID to make it support two EAP types (never done it here) - insist that everyone be AD (politics) - insist that everyone be in LDAP and go to TTLS/PAP globally This is not a terribly important issue right now, but looking down the road it will come up and so I'd like to get my thoughts lined up. Does anyone else use a single SSID with two EAP types? Or have AD and LDAP both at play in any other way? Anyone using TTLS/PAP that can comment on it's suitability and reliability versus PEAP w/ MS-CHAPv2? Thanks- Lee Badman ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
