802.1X Extra Miles
3@D4rkn3ss DuMb
32d4rkn3ss at gmail.com
Wed May 4 18:12:53 CEST 2016
Dear List,
I hope you are all doing fine. I know that the following question might be
'out of scope' of the user's list but still, I would like to ask some
user's experience. I successfully implemented '802.1x or MAC-Auth' as
described on the how-to: the 802.1x is PEAP based (server's certificate
deployed on all client) with Computer authentication (instead of user
authentication) + Mac verification (in a specific table in radius db), and
for all non-capable 802.1x end-points (such as pointers) just a mac
verification. However, I m still confused about the following issues:
- since the above are just only deployed in my testing environment, and I
m supposed to deploy the same for 1k users, how much memory
(RAM,HD,Processor) should I allocate to radius server! The DB is also on
the same server as Freeradius.
- what kind of extra-layer could I add to the authentication layer (PC
authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to
make it even 'more secure'?
Thank you,
Regards,
KEN
More information about the Freeradius-Users
mailing list