I need to implement 802.1x authentication on our wired network and I'm
kind of on the fence between two solutions:
1. eDirectory integrated FreeRADIUS;
2. Another RADIUS server and separate certificates.

I have some concerns with both solutions:

eDir integrated:

Problem #1: Seems like this makes it harder to troubleshoot problems
where user can't log in - if the network link is down, is it a "real"
network problem or is the user simply using wrong password? The latter
happens quite often at our place.
Problem #2: Anyone can bring their own machine from home, install Novell
client and connect to the network.
Problem #3: What happens to Zenworks software installation and antivirus
scans running at night with WoL? Seems that there are switches that can
allow WoL magic packets through even when the port is 802.1x enabled,
but if autentication requires user to log in, I'm still dead in the

Separate certs:
Problem #1: The hassle of managing separate certificates.

Can anyone who has implemented eDir integrated FreeRADIUS alleviate my
fears about this solution?

vatson's Profile: https://forums.netiq.com/member.php?userid=2134
View this thread: https://forums.netiq.com/showthread.php?t=52669