802.1X Extra Miles

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed May 4 18:19:30 CEST 2016


> On 4 May 2016, at 09:12, 3 at D4rkn3ss DuMb <32d4rkn3ss at gmail.com> wrote:
> 
> Dear List,
> 
> I hope you are all doing fine.

No.

> I know that the following question might be
> 'out of scope' of the user's list but still,

It's not, but it's been answered before, so I suggest you read through the archives.

> I would like to ask some
> user's experience. I successfully implemented '802.1x or MAC-Auth' as
> described on the how-to: the 802.1x is PEAP based (server's certificate
> deployed on all client) with Computer authentication (instead of user
> authentication) + Mac verification (in a specific table in radius db), and
> for all non-capable 802.1x end-points (such as pointers) just a mac
> verification. However, I m still confused about the following issues:
> - since the above are just only deployed in my testing environment, and I
> m supposed to deploy the same for 1k users, how much memory
> (RAM,HD,Processor) should I allocate to radius server!

42PB of Ram, Disk space, and Processors.

> The DB is also on
> the same server as Freeradius.
> - what kind of extra-layer could I add to the authentication layer (PC
> authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to
> make it even 'more secure'?

EAP-TLS.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160504/1cd4ee34/attachment-0001.sig>


More information about the Freeradius-Users mailing list