I am trying to secure our wireless. We have a Cisco Wireless Controller with Cisco WAPs, Microsoft IAS Server, Microsoft CA on the same server as the IAS. I would like to secure it without certificates, but want to authenticate against AD. Any help would be greatly appreciated.

I think that IAS can do EAP-MD5, but without some sort of certificate based auth like PEAP to create a TLS tunnel to exchange the user/pass in....every wireless user's username and password are sent over the WLAN in the open.

If you already have a CA, push the CA certificate out to all the clients, and use PEAP with MSCHAPv2.

~K