https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494470#M299801 <P>Take a look at the post that I made.</P><P><A href="https://community.meraki.com/t5/Wireless/FreeRadius-Integration-with-OpenLDAP-and-Dynamic-Vlan-Assignment/td-p/171440" target="_blank">https://community.meraki.com/t5/Wireless/FreeRadius-Integration-with-OpenLDAP-and-Dynamic-Vlan-Assignment/td-p/171440</A></P> Fri, 14 Jun 2024 02:15:49 GMT aleabrahao 2024-06-14T02:15:49Z https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494467#M299798 <P>I am setting up a new wifi ssid. This will be for our office computers. I only want company owned, domain joined computers to be on this wifi. I don't have budget for ISE or anything like that. I need it to be reliable, but not complicated. I would be fine with saying that anyone with domain credentials should be able to get on this wifi.</P><P>I am trying to decide what authentication scheme I want to use. I have it narrowed down to LDAP or pre-shared key.</P><P>I like LDAP because it seems to be more scalable / manageable to use domain credentials. That way, everything is per-user. And, if they user is disabled, then those devices can't get on the wifi. And, I worry about the preshared key being given out.</P><P>On the other hand, I could do a preshared key and publish it through group policy.The users wouldn't have to know the key.</P><P>And, this might be the deal breaker... I want to use Wifi6 and Wifi6 requires WPA3 and it looks like I can't use LDAP and WPA3.</P><P>Anyway, is there something that I missing? Is there future support for WPA3 under LDAP?</P><P>Also, is there another protocol that talks straight to active directory other than LDAP? I thought there was, but I don't see it in the options.</P><P>Thanks everyone</P> Thu, 13 Jun 2024 22:30:48 GMT https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494467#M299798 exadmin 2024-06-13T22:30:48Z https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494468#M299799 <P>You could use 802.1X with the Microsoft NPS as a RADIUS server. This comes at no monetary cost but is also not very usable. There are open-source RADIUS servers like FreeRadiusthat could be used or PacketFence.</P><P>But you will not reach your initial goal that only domain joined PCs can join the network. Every user with an account can join from any device he wants.</P> Thu, 13 Jun 2024 23:44:22 GMT https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494468#M299799 Karsten Iwen 2024-06-13T23:44:22Z https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494469#M299800 <P><A href="https://community.meraki.com/t5/user/viewprofilepage/user-id/17472">@Karsten Iwen</A> is bang on.</P><P>To meet your requirements of domain joined computers and user auth, a RADIUS server is the way to go.<BR /><BR />Microsoft NPS is free and works well enough but it's a bit like diving back into the early 2000's with regard to usability. You may have to spend a little bit to invest in a log viewer/interpreter to actually troubleshoot auth failures (Eg. IAS Log Viewer).<BR />That said, it's so widely used that there's heaps of online resources.</P> Fri, 14 Jun 2024 00:27:29 GMT https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494469#M299800 Brash 2024-06-14T00:27:29Z https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494470#M299801 <P>Take a look at the post that I made.</P><P><A href="https://community.meraki.com/t5/Wireless/FreeRadius-Integration-with-OpenLDAP-and-Dynamic-Vlan-Assignment/td-p/171440" target="_blank">https://community.meraki.com/t5/Wireless/FreeRadius-Integration-with-OpenLDAP-and-Dynamic-Vlan-Assignment/td-p/171440</A></P> Fri, 14 Jun 2024 02:15:49 GMT https://community.cisco.com/t5/wireless/ldap-vs-psk/m-p/5494470#M299801 aleabrahao 2024-06-14T02:15:49Z