The scenario I'm currently working on requires that corporate Wi-Fi based laptop & PDA users have access to the corporate LAN services [e-mail, print & file share, etc.] via Cisco APs, using their current network [wired] user credentials on the NTLM-SAM database.
There are WLAN vendors like Proxim/Agere that support EAP-TTLS, but you'd need third-party client software for your PDA. To my knowledge, Funk's Odyssey Client and Meetinghouse's AEGIS Client (both EAP-TTLS) are not yet available for WinCE platforms.
Microsoft is now shipping PEAP support in Windows XP SP1 and the IAS RADIUS server supplied with Windows .NET, so you might reasonably expect to see PEAP support in some future version of WinCE. But definitely not yet.
Cisco released new Win32 Aironet drivers that support PEAP this week, but new WinCE drivers for PEAP are not yet available. However, Cisco Aironet v2.22 drivers do support LEAP on HPCs running WinCE 2.11 or 3.0, or Pocket PCs running WinCE 3.0, equipped with Cisco Aironet 340, 350, and 4800 PC cards. LEAP, of course, is not PEAP or EAP-TTLS. But it does allow you to perform user-based authentication against a RADIUS server that supports LEAP (like Cisco ACS). The newest Cisco ACS v3.1 supports both LEAP and PEAP authentication against NTLM-SAM user databases. So this solution could work for you, if you don't mind running ACS as your RADIUS server or upgrading your ACS server to v3.1. You'd probably be able to migrate to PEAP in the future, after Cisco releases new WinCE drivers.
This was first published in September 2002