Best FR backend authentication method for Microsoft AD
diggins at mcmaster.ca
Fri Jul 14 18:09:49 CEST 2017
I've been running FreeRadius v2 for many years with Samba and NTLM_AUTH to authenticate my users with very few issues. I'm about to refresh my FreeRadius servers to V3 and wondered if that was still the best method to use. My organization has a number of other services using LDAP to authenticate to AD and I am considering changing to that, or at least I was until I read that this was NOT recommended.
If I must use the AD backend (and I must), what is the best method from a reliability, security, and performance perspective?
My FR authenticates and authorizes my Wi-Fi users (WPA2 enterprise with certs) and VPN. I also have a separate pair of FR servers for Eduroam. My AD is Windows 2016 if that helps.
More information about the Freeradius-Users