After configuring our wireless access point, we were able to authenticate via PEAP. Then we looked for advanced settings and functionality supported by NPS. Like the other servers, NPS supports multiple policy configurations. You can create policies with specific request conditions (user groups, NAS port type and many others), and requests that match those conditions are given a set of authentication and authorization settings. You can define settings like exact authentication protocols, day and time restrictions, and custom RADIUS reply attributes (such as for VLAN assignments).
Unlike the other RADIUS servers we reviewed, NPS includes Microsoft's network access control (NAC) implementation, called Network Access Protection (NAP). It's basically an enhanced form of authorization control, where you can allow or deny access based upon health policies. For instance, you can ensure users trying to authenticate from NAP-supported computers have a firewall enabled, antivirus on and up to date, and automatic Windows Updates enabled.
For RADIUS server logging and accounting, NPS supports writing to a text file and/or storing records in a Microsoft SQL Server database. For each, you can specify what you want to log. With SQL logging, you can enable text file logging as a fallback in case of SQL failure. With text file logging, you can specify when it should automatically create new logs.
Overall the NPS role of Windows Server 2008 R2 provides adequate AAA services, but lacks some customization and advanced functionality found in other servers like FreeRADIUS and ClearBox. Nevertheless, it's still a great and economical option for small and midsize networks already running a Windows Server with Active Directory.
FreeRADIUS is a free and open source RADIUS server released under the GNU General Public License Version 2 (GPLv2), with commercial support available from Network RADIUS. Designed to run on Unix and Unix-like systems such as Linux, it's primarily a non-GUI server: you adjust settings in configuration files and run the server from the command line. Thus it's best for administrators with Unix/Linux experience. It can serve the AAA needs of small networks with a few users or even service providers with millions of users.