It's a good point that we haven't had to deal with yet. When we first got into 802.1X, the mandate on this end was either pretty clear or foolishly incomplete: AD would be the end-all for us. PEAP and MS-CHAPv2 have been a great fit for native supplicants on Windows and Mac, and we like the logging detail and reports that ACS gives. It's been a solid, easy-to-configure platform that really showed no limits versus our needs.
Until now, potentially, where LDAP is now in the mix again for us. I can't imagine why Cisco does not support TTLS on even their new ACS 5 platform; seems a bit goofy. Any theories on why they don't support it? If this thing with LDAP/AD both needing to be supported progresses, we may well be kicking tires on FreeRADIUS in the near future. Ah well, live and learn! Thanks again.

-Lee

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Hector J Rios
Sent: Wednesday, October 13, 2010 9:07 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Active Directory and LDAP at the same time. Or... just LDAP with 802.1x.

Lee,

I second Jeroen's comments. We had ACS at some point but we were frustrated by the limitations imposed by the application. We wanted the freedom to write custom scripts for whatever we needed (guest access was one of them) and basically just wanted more control. We switched to FreeRADIUS and we've been extremely happy with it since. I know this doesn't help your current situation, though.

Thanks,
Hector Rios
Louisiana State University

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.