802.1X Extra Miles
mcn4 at leicester.ac.uk
Wed May 4 18:25:43 CEST 2016
On Wed, May 04, 2016 at 07:12:53PM +0300, 3 at D4rkn3ss DuMb wrote:
> - since the above are just only deployed in my testing environment, and I
> m supposed to deploy the same for 1k users, how much memory
> (RAM,HD,Processor) should I allocate to radius server!
Until recently I was running a RADIUS server here for 10k users
mostly doing PEAP/MSCHAPv2 with Samba on 384Mb RAM and a couple of
virtual CPUs. Now has 2Gb RAM because the host has 64Gb and I
didn't know what to do with it.
1k users is nothing really, unless they are authenticating
> The DB is also on the same server as Freeradius.
This is what you need to care about more than FR. Talk to a DBA to
size that. IMO you still won't need much for that number of users.
Just spin up a small VM and try it. It's 2016. Hardware is cheap
> - what kind of extra-layer could I add to the authentication layer (PC
> authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to
> make it even 'more secure'?
Move to EAP-TLS and check certificates instead. As added bonuses,
authentications will be quicker and the load on your RADIUS server
will likely drop.
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users