wifi users + NAS users auth against AD
3@D4rkn3ss DuMb
32d4rkn3ss at gmail.com
Mon Jan 30 17:26:35 CET 2017
Dear List,
I have a working setup of 5 FreeRadius servers for my WIFI users.
Since the NAS number is increasing in monthly basis, I am wondering
what is the best practice (security) when it comes NAS user
authentication:
- would it be better to have a separate server for the NAS user
(cisco users) authentication ? or could I have both the WiFi user auth
and NAS user auth on the same server?
- The WiFi auth is based on MSCHAP module (against the AD), and since
MSCHAP is not possible with the NAS user authentication, I assume that
I have to use NTLM with PAP to authenticate the NAS user to the AD;
These setup can't be on the same server (at least binding on same
ports). Am I correct? or do I have it wrong?
Thank you,
Regards
More information about the Freeradius-Users
mailing list