30 Jan
2017
30 Jan
'17
11:26 a.m.
Dear List, I have a working setup of 5 FreeRadius servers for my WIFI users. Since the NAS number is increasing in monthly basis, I am wondering what is the best practice (security) when it comes NAS user authentication: - would it be better to have a separate server for the NAS user (cisco users) authentication ? or could I have both the WiFi user auth and NAS user auth on the same server? - The WiFi auth is based on MSCHAP module (against the AD), and since MSCHAP is not possible with the NAS user authentication, I assume that I have to use NTLM with PAP to authenticate the NAS user to the AD; These setup can't be on the same server (at least binding on same ports). Am I correct? or do I have it wrong? Thank you, Regards