Thank You freeRADIUS!

Thomas Simmons twsnnva at gmail.com
Wed Mar 6 14:44:19 CET 2013


Hello All,

I have been working on a pretty major upgrade of the "core authentication
system" at my company. The original system was designed and deployed by me
nearly a decade ago, and was built around Samba3, OpenLDAP and freeRADIUS
1. Until I started the upgrade, I was unaware of the new capabilities of
freeRADIUS 2, namely virtual servers. To be honest, when I started a few
months back it was primarily for the functionality of Samba 4 (Active
Directory). That said, when I became aware of the capabilities of
freeRADIUS 2, it gave me some great ideas about authentication.Until now,
we had a simple internal network where people could login with their Samba3
credentials and a external (connected to our DMZ) network that just used
WPA2-PSK. I never liked this setup for two reasons: 1) anyone could bring
their own device and connect to our internal network (it's gotten really
bad since smartphones and tablets became the new craze) and 2) we have a
large number of employees that are off-site, but come on-site regularly.
These employees always want to connect to our main network with
non-or-other-company systems since using their domain credentials is
easier. In any event, I really started digging into freeRADIUS 2 over the
last week and now have an internal network that does AD auth (user or
computer) w/ MAC restrictions and an external network that does both AD
auth and has a "guest" account in a file (I may change this to MySQL and
create a small web interface so employees can create a temporary,
self-expiring account for guests). The only hiccup I ran into along the way
was Microsoft's client not liking wildcard certs, so I can say it was a
very smooth process from a freeRADIUS perspective. Now I'm starting to
think how can we push this out to a few other sites we have across the
country. Pretty easily actually!

Anyhow, I just wanted to give a big thank you to Mr. DeKok and anyone else
who works on freeRADIUS or helps on the lists. As a lllloooonnngggg time
user, your efforts are very much appreciated here!

Thanks,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130306/629d92d9/attachment.html>


More information about the Freeradius-Users mailing list