15 Sep
2010
15 Sep
'10
2:07 p.m.
Hi, We are thinking of authenticate users via 802.1x/mschapv2 with freeradius, samba and Active Directory. Is the following a good redundancy design? If not, which one is better? radius1 1.1.1.1, radius2 2.2.2.2 Active Directory Domain Controllers 3.3.3.3 4.4.4.4 put 1.1.1.1 and 2.2.2.2 as primary/secondary radius server list in switch/AP/controllers. On radius1 krb5.conf kdc = 3.3.3.3 kdc = 4.4.4.4 smb.conf password server = 3.3.3.3, 4.4.4.4 On radius2 krb5.conf kdc = 4.4.4.4 kdc = 3.3.3.3 smb.conf password server = 4.4.4.4, 3.3.3.3 For certificate, do we need a server certificate for both radius1 and radius2 if we want supplicant to verify the server certificate? Thanks, Schilling