CommScope RUCKUS Community Forums

@tommy_nelson Windows NPS is nice because it is simple and interfaces with active directory, but requires a full GUI install of windows server. Personally for me, I like active directory on windows core, more secure and faster updates. I use freeradius instead with ldaps. Works great and no license to worry about. Although a be bit of pain to setup fully.

LDAP isn't a bad protocol itself. Problem is that it was never included in WiFi certification specification, as Radius was. So any WiFi system supports RADIUS protocol for authentication directly, and RADIUS protocol has a lot of options to do all you need, but no WiFi equipment directly supports LDAP same way. Option for ldap authorization some WiFi systems have, are nothing more than basic user authentication from LDAP with whitelisting they MAC, which is secure enough for guest networking really.

Theoretically, you could do same things as with RADIUS with LDAP, problem is that support for LDAP functions is not built in WiFi systems. So only real way is to use something (as mentioned by Tommi Nelson FreeRadius, for example)  to convert ldap connection to MS AD into RADIUS connection to WiFi system.

Windows NPS is MS realization of that -- RADIUS server which is an interface to MS AD domain database. It is  a basic realization, but it comes with any Windows server system for free, and covers basic need -- so NPS is one of the most popular RADIUS servers in corporate networks based on AD.

So, if you already have MS AD in your network, and you need just authorize  WiFi users from MS AD,  the easiest way is to use NPS. It is simple, free, and is enough for most standard use cases.  Any other way with ldap will be for sure more complicated. Using FreeRadius you may have more features, but if you don't need anything extra to basic authentication, I would keep it simple. Even so I don't like to use any MS products if I can help it, this is really way to go, as far as you have MS AD in use...