Some questions about freeRADIUS implementation, PLEASE HELP ME!!

[alfonso celestino]

Hi, I need your help 

We decide to use freeRADIUS as Radius Server on a Big
wireless Network (in a university )
with about five hundred APs, but there are some
questions (maybe basic questions)  
I need from  your help to understand them better.

1. About certificates
In the first stage we will use EAP-PEAP authentication
with Primary and backup Radius Servers.
I think to do next:
At the Primary Server, I will generate the root,
Primary Server and Backup Server certificates,
 then I will copy the root and Backup Server
certificates to Backup server, That's correct?.
or I have to generate  one more time the root and
backup server certificates 
in the backup server.

2. At the second stage we will implement a PKI and
we'll use EAP-TLS and my doubt is about
   LDAP data base and simultaneous-use, for example
with EAP-PEAP I add the next lines to users file :
 
.......
DEFAULT        Ldap-Group == group1, Simultaneous-Use
:= 1
              Aruba-User-Role = "ESTUDIANTE",

DEFAULT        Ldap-Group == group2, Simultaneous-Use
:= 1
              Aruba-User-Role = "PROFESORES",
DEFAULT ....
.....

And work perfectly, But what happen if we use EAP-TLS
--> client certificates, exists any way to obtain the
same results? 
,if it is affirmative, how can I do it (some
references, howto's)
!!because when I use EAP-TLS I don't need to add
nothing at users file nor in LDAP data base!!.

3. Finaly exists some advantages If I use Solaris
instead a Normal PC with Linux(Debian).


Your help will be very important for me!!
Thanks in advance

NOTE: simultaneous-use work perfectly with some NAS,
with ARUBA NAS don't do it, but I thing need some
little changes in the checkrad.pl script.

Alfonso Celestino
DGSCA,UNAM


__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.yahoo.com.mx/