Hello,

We have a relatively stable configuration where we have our wireless WPA2-Enterprise authentication using UNIX-based FreeRADIUS servers passing on authentication over MS-CHAPv2 to our AD domain controllers (a dedicated site, in fact, due to NTLMv1 mitigation). Users enter their AD credentials (samAccountName and password, or UPN and password).

However, we have a business case where we need to authenticate on the same wireless network to the corresponding ADs for our other campuses. We have cross-forest trusts in place between the campuses, but clearly RADIUS is not going to honor them.

Has anyone had success pointing RADIUS to multiple back-end ADs? Conditional based on UPN suffix? Or is it time to just redesign the entire infrastructure? Would the Windows-based NPS work better for cross-forest authentication for wireless? If anyone has this kind of multi-campus setup, what have you used?

Thanks in advance!

Erik Coleman
Identity and Access Management at Urbana (IAMU)
Technology Services
University of Illinois at Urbana-Champaign