I am having a hard time deciding which EAP method is best for us. We have RADIUS/LDAP. We would like to use certificates for end users. However, this seems to contradict with the additional desired capability of fast and secure roaming for voice over WLAN.
With LDAP usage being a must, I am thinking that we might perhaps consider using a different method for data (with certificates) and a different for voice over WLAN (probably without certificates). What are the security implications for voice if certificates are not used? What are the impacts on voice quality if certificates are used? (This seems to me like the definition of tradeoff.) Are there any limitations that might cause us to have to use a particular method just because we cannot do any other way (e.g. because we must use LDAP)? Which method would you suggest for our scenario?
Any thoughts are appreciated in advance.