On 4 May 2016, at 09:12, 3@D4rkn3ss DuMb <32d4rkn3ss@gmail.com> wrote:
Dear List,
I hope you are all doing fine.
No.
I know that the following question might be 'out of scope' of the user's list but still,
It's not, but it's been answered before, so I suggest you read through the archives.
I would like to ask some user's experience. I successfully implemented '802.1x or MAC-Auth' as described on the how-to: the 802.1x is PEAP based (server's certificate deployed on all client) with Computer authentication (instead of user authentication) + Mac verification (in a specific table in radius db), and for all non-capable 802.1x end-points (such as pointers) just a mac verification. However, I m still confused about the following issues: - since the above are just only deployed in my testing environment, and I m supposed to deploy the same for 1k users, how much memory (RAM,HD,Processor) should I allocate to radius server!
42PB of Ram, Disk space, and Processors.
The DB is also on the same server as Freeradius. - what kind of extra-layer could I add to the authentication layer (PC authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to make it even 'more secure'?
EAP-TLS. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2