freeradius, samba, AD peap/mschap-v2 redundancy and Certificate
schilling
schilling2006 at gmail.com
Wed Sep 15 20:07:16 CEST 2010
Hi,
We are thinking of authenticating users via 802.1x/mschapv2 with
freeradius, samba and Active Directory. Is the following a good
redundancy design? If not, which one is better?
radius1 1.1.1.1, radius2 2.2.2.2
Active Directory Domain Controllers 3.3.3.3 4.4.4.4
Put 1.1.1.1 and 2.2.2.2 as the primary/secondary radius server list in
switch/AP/controllers.
On radius1
  krb5.conf
    kdc = 3.3.3.3
    kdc = 4.4.4.4
  smb.conf
    password server = 3.3.3.3, 4.4.4.4
On radius2
  krb5.conf
    kdc = 4.4.4.4
    kdc = 3.3.3.3
  smb.conf
    password server = 4.4.4.4, 3.3.3.3
For the certificate, do we need a server certificate for both radius1 and
radius2 if we want the supplicant to verify the server certificate?
Thanks,
Schilling