802.1X Extra Miles
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed May 4 18:30:13 CEST 2016
Hi,
> - since the above are just only deployed in my testing environment, and I
> m supposed to deploy the same for 1k users, how much memory
> (RAM,HD,Processor) should I allocate to radius server! The DB is also on
> the same server as Freeradius.
a quite basic server for 1000 devices. 2GHz, 4Gb RAM, 120G HD. thats probably overkill.
> - what kind of extra-layer could I add to the authentication layer (PC
> authentication PEAP + MSCHAP v2, against AD 2008, + MAC Verification) to
> make it even 'more secure'?
its pretty strong stuff so long as the client is correctly configured..... next step up
would be to run your own PKI and use EAP-TLS instead. the Mac auth is your weak point...
whats stopping someone borrowing a known/valid MAC address? are you suing some kind of system/OS/fingerprint
in conjunction with MacAuth ?
alan
More information about the Freeradius-Users
mailing list