Freeradius vs Security

Carsten Schulze carsten.schulze at
Wed Apr 3 09:00:35 CEST 2019


we split the accounts into an AD and a LDAP-Wlan-Account and force the 
people to use different passwords.

The WLAN-IPs also dont't have full access to all intranet ressources as 
well. If they want to access them, the people have to open a 
VPN-Connection with AD account and password first.

CAT is a good tool for generating the configuration and to increase the 
security. You can setupĀ  a proxy realm like 
"jshd92dfkjf0fjspd at" and only this realm would be proxyied 
to your radius. Anybody who didn't know it, can't connect. Now you can 
force your users to use the cat tools. Keep in mind what happen if the 
tools don't work on the client.


More information about the Freeradius-Users mailing list