FreeRADIUS High Availability with AD Integration
Vinícius Ferrão
vinicius at ferrao.eti.br
Mon Mar 30 23:35:25 CEST 2015
Thank you Alan. Considerations on the rest of the message:
> On Mar 30, 2015, at 6:00 PM, A.L.M.Buxey at lboro.ac.uk wrote:
>
> Hi,
>
>> I've a single FreeRADIUS 3 server integrated in a AD domain to provide 802.1x authentication over the air and in the Ethernet cable. It's working perfectly, but I would like to implement an High Availability feature.
>
> okay.... you can either have multiple ntlm_auth's defined in multiple mschap modules and do the
> same way as mysql HA - with failover/error redundancy....or
>
>> The question is how to do this? Just install another FreeRADIUS server independently and everything would be fine?
>
> ...use multiple RADIUS servers that are bound into the AD yes.
I will do this way. Two distinct FreeRADIUS Servers.
>
>
>> Since the supplicants can use two distinct RADIUS servers.
>
> no. the NAS ca use multiple RADIUS servers - the supplicant in the OS hasnt a clue about anything.
> and whilst you can use different RADIUS certs, dont. just use the same cert, signed by the same CA.
Sorry, I was referring to the NAS. I will use the Wildcard cert that we have from GlobalSign.
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list