Yeah- thanks, Phillipe. I knew I wasn't phrasing that quite right, typed it as I was flying out the door earlier.?
-Lee ________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Philippe Hanset <phan...@anyroam.net> Sent: Wednesday, November 16, 2016 5:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi? Lee, Radiator is not open source (you can buy support) but it works more smoothly on Unix (you can operate it on Windows). Philippe On Nov 16, 2016, at 4:34 PM, Lee H Badman <lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote: Thanks, Phillipe. For a number of reasons we're trying to steer away from open source on this. Lee Badman | CWNE #200 | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu<http://its.syr.edu> SYRACUSE UNIVERSITY syr.edu<http://syr.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Philippe Hanset Sent: Wednesday, November 16, 2016 12:58 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Microsoft NPS as RADIUS for 802.1X Wi-Fi? Lee, Not speaking from using NPS but from having to help Institutions using NPS: It is a very "stiff" environment, and Microsoft does not want to listen to the eduroam community's requests (not just US, but worldwide) No REALM stripping No Server Status (that one is killing us. We have to implement all kinds of timers to make sure that servers are responding...when the standard has a built in mechanism) No support for RadSec ever mentioned. If I were a large University with in house expertise I would do FreeRADIUS 3.0 or Radiator (or more NAC oriented solutions if you need that) Philippe Philippe Hanset, CEO www.anyroam.net<http://www.anyroam.net> www.eduroam.us<http://www.eduroam.us> GPG key id: 0xF2636F9C On Nov 16, 2016, at 9:40 AM, Lee H Badman <lhbad...@syr.edu<mailto:lhbad...@syr.edu>> wrote: Hello to the awesome group. We've used Cisco ACS with general satisfaction for many years as the RADIUS solution for our very, very large WLAN's 802.1X authentication. We also have Aruba Clearpass in-house for guest wireless, and have poked around at ISE a bit. We're weighing replacing our aging ACS environment, but as many of you know times are changing. When you shop for RADIUS, you have to wade through the fog of NAC systems because everything is getting ever more "feature rich". For major vendors, RADIUS is just a slice of NAC now, and since everybody "is a software company!" licensing can be ugly. I'm not slamming those who find value in the many interesting features that the likes of ISE and Clearpass offer, but I also can't help but be drawn to Microsoft NPS when I think about going forward with simple RADIUS. Way back when, we avoided Microsoft in this role as the reporting wasn't particularly strong when it came time to troubleshoot clients. We *may* have found relief to this through Splunk, and also enjoy a robust Windows server environment staffed by absolutely brilliant MS-minded veteran admins. All that being said- is anyone using NPS as their RADIUS solution for a large secure WLAN environment? Can you share likes, dislikes, regrets, endorsements, horror stories, tales of success, etc? (Any vendor reps lurking- no, I'm not open to hearing about other RADIUS solutions. Please, no calls or emails) Kind regards- Lee Badman | CWNE #200 | Network Architect Information Technology Services 206 Machinery Hall 120 Smith Drive Syracuse, New York 13244 t 315.443.3003 f 315.443.4325 e lhbad...@syr.edu<mailto:lhbad...@syr.edu> w its.syr.edu<http://its.syr.edu/> SYRACUSE UNIVERSITY syr.edu<http://syr.edu/> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.