wifi users + NAS users auth against AD

3@D4rkn3ss DuMb 32d4rkn3ss at gmail.com
Mon Jan 30 17:26:35 CET 2017

Dear List,

I have a working setup of 5 FreeRadius servers for my WIFI users.
Since the NAS number is increasing in monthly basis, I am wondering
what is the best practice (security) when it comes NAS user
 - would it be better to have a separate server for the NAS user
(cisco users) authentication ? or could I have both the WiFi user auth
and NAS user auth on the same server?
 - The WiFi auth is based on MSCHAP module (against the AD), and since
MSCHAP is not possible with the NAS user authentication, I assume that
I have to use NTLM with PAP to authenticate the NAS user to the AD;
These setup can't be on the same server (at least binding on same
ports). Am  I correct? or do I have it wrong?

Thank you,


More information about the Freeradius-Users mailing list