[TriLUG] LDAP/Radius caching solution

Scott Miller scottlinux at gmail.com
Mon Dec 9 09:32:56 EST 2013


I worked at UC Davis in a lowly IT job and they have 802.1x wifi using a
load balanced pool of freeradius servers pointed to LDAP. (A Sun unixy LDAP
product). I was not involved in configuring this, but anyways this setup
worked fine.

~65,000 accounts



> Hey LUG,
>
> I'm looking to poll the audience and gauge a public opinion on this.
>
> I'm looking to spin up a couple LDAP or Radius servers which will
> function mostly as a cache for authentication requests and keep some
> calls off our main server.  Right now, we're using Active Directory
> for the LDAP with a mix of Microsoft's IAS (internet authentication
> services) and NPS (network policy server) to handle radius calls.
>
> This is just for handling our 802.1x authentication over wifi
> (potentially wired in the future), so peap and mschap are the bare
> minimums for encryption.  I think most of the big boys handle this
> (389, directory services, freeradius, samba, etc.).
>
> I guess what I'm asking is, how would y'all tackle this?
>
> My thinking was just spinning up freeradius, point it to our LDAP and
> call it a day.  But the idea of running samba as an LDAP server is
> also appealing.  Would it really buy me anything to go into a full
> identity management solution like freeipa?
>
> Also, to help with a scope, our LDAP has ~50,000 OUs and we're
> handling 5-10 radius requests per second.
>
> Thanks!
> --William
>

