Re: Radius Integration with Active Directory
On Fri, Mar 25, 2011 at 6:19 PM, Raheel Itrat wrote: > Alright thats from performance point of view, but if we integrate it with > Active Directory then wouldn't that be a security issue to use protocol like > NTLM?. Why would it be security issue? No clear-text password would be transmitted. > I'd appreciate if someone can provide me a good howto link for > freradius integration with Microsoft AD Start with http://deployingradius.com/documents/configuration/active_directory.html Or use freeradius to proxy the request to MS IAS. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Integration with Active Directory
Alright thats from performance point of view, but if we integrate it with Active Directory then wouldn't that be a security issue to use protocol like NTLM?. I'd appreciate if someone can provide me a good howto link for freradius integration with Microsoft AD > Date: Fri, 25 Mar 2011 09:55:54 +0100 > From: al...@deployingradius.com > To: freeradius-users@lists.freeradius.org > Subject: Re: Radius Integration with Active Directory > > Sallee, Stephen (Jake) wrote: > > While MS ISA will start to really putter out at about 50-100 NASs > > (depending on your hardware) FR will happily hum along with THOUSANDS > > of NASs. > > I've done tests with 500,000 clients in the "clients.conf" file. The > server uses a fair bit of RAM, but performance is largely unaffected. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Integration with Active Directory
Raheel Itrat wrote: > I have installed a freeradius machine on ubuntu server, now my boss > wants me to integrate it with the Active directory so that the users can > be authenticated through it. I was wondering design wise does it make > sense to have a free radius server in between if we can run radius on > the windows machine itself? what are security best practices in this case? FreeRADIUS doesn't (yet) run on Windows. Just run it on another server. Or, run it on a VMware image on the Windows server. It will use minimal CPU, disk, and RAM. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Integration with Active Directory
Sallee, Stephen (Jake) wrote: > While MS ISA will start to really putter out at about 50-100 NASs > (depending on your hardware) FR will happily hum along with THOUSANDS > of NASs. I've done tests with 500,000 clients in the "clients.conf" file. The server uses a fair bit of RAM, but performance is largely unaffected. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Integration with Active Directory
While MS ISA is fine for very small deployments it cannot scale very well in my experience. While FR scales extremely well. While MS ISA will start to really putter out at about 50-100 NASs (depending on your hardware) FR will happily hum along with THOUSANDS of NASs. Jake Sallee Network Engineer University of Mary Hardin-Baylor Fone: 254-295-4658 Phax: 254-295-4221 From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] On Behalf Of Raheel Itrat Sent: Friday, March 25, 2011 1:08 AM To: freeradius-users@lists.freeradius.org Subject: Radius Integration with Active Directory Hi all, I have installed a freeradius machine on ubuntu server, now my boss wants me to integrate it with the Active directory so that the users can be authenticated through it. I was wondering design wise does it make sense to have a free radius server in between if we can run radius on the windows machine itself? what are security best practices in this case? Cheers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html