I have an issue where we are using 1130 autonomous APs throughout the office (all on the same subnet) with 802.1x EAP-TLS employed and users are authenticating to IAS (Radius with back end AD). There is an application that is on wireless tablets and users are dropped when they roam from AP to AP. So we needed to configure the APs for secure roaming.
I configured WDS on one of the 1130 APs with authentication to the IAS server. As you might have guessed, the authentication failed because WDS is using LEAP and the IAS server does not recognize LEAP.
I then tried to create a local radius server on the WDS configured AP but it is interfering with AD users being able to authenticate to the IAS. Also, the other APs were not properly regisering with the WDS (kept stating that AUTH-IN-PROG).
Is there a way for me to configure the WDS to authenticate to the IAS server with EAP instead of LEAP?
If not, is there a way to configure the WDS to send AD users to the IAS server, but send the WDS authentication account to the local Radius server? I do not see an area where you can specify that the WDS account use the local Radius server and everyone else use the IAS server.