Freeradius vs Security
carsten.schulze at leuphana.de
Wed Apr 3 09:00:35 CEST 2019
we split the accounts into an AD and a LDAP-Wlan-Account and force the
people to use different passwords.
The WLAN-IPs also dont't have full access to all intranet ressources as
well. If they want to access them, the people have to open a
VPN-Connection with AD account and password first.
CAT is a good tool for generating the configuration and to increase the
security. You can setup a proxy realm like
"jshd92dfkjf0fjspd at yourdomain.com" and only this realm would be proxyied
to your radius. Anybody who didn't know it, can't connect. Now you can
force your users to use the cat tools. Keep in mind what happen if the
tools don't work on the client.
More information about the Freeradius-Users