Which authentication method will best suite my needs?

Jeremy Homan · ‎10-29-2013

Right now we're using WPA2 - PSK; and although it works flawlessly, I hate having to touch every single device to connect it to the WLAN.

I'm looking for something that will allow a user to login to a laptop; and have them select the prod wlan, and will authenticate them based on their LDAP settings or something.

So, right now, if a laptop has never been setup to connect to the prod WLAN, no users can login to that laptop. If I have a newly configured laptop; I want whoever is in our AD to be able to login to it without having to have me assist them.

Whats the best way to go about this?

Is it EAP-Fast with LDAP?

Thanks!!

Stephen Rodriguez · ‎10-29-2013

all depends. If these are Domain machines, you could use a GPO to push out the wireless config.

If they are not, then PEAP would be the best, as it is suppported by all operating systems, and EAP-FAST is not. The downside is there could still be some manual intervention needed to configure the supplicant.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Jeremy Homan · ‎10-29-2013

99% of the machines would be domain machines. With that said, I could use a GPO to push something out. Knowing that, what would work best in my scenario?

Thanks!!

Stephen Rodriguez · ‎10-30-2013

It depends, if you have a AAA server PEAP. If you don't have one running WPA2/PSK will work as well.

With PEAP password will be using the AD/LDAP and follow that change policy

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered