Thanks for the clarification, Alan. Looks like a client corresponds to users' equipment (laptop in your example) OUTSIDE of my firewall. This means the NAS would be my BSD-based pfSense gateway. I googled and found out that pfSense supports FreeRADIUS, which answers my next question, "How do you implement NAS/FreeRADIUS communication?".
I get it now. Thanks for everyone's input. I'll feedback on the Kerberos implementation...

Cheers!
Thomas

-----Original Message-----
From: freeradius-users-bounces+thomas_reeves=verizon....@lists.freeradius.org [mailto:freeradius-users-bounces+thomas_reeves=verizon....@lists.freeradius.org] On Behalf Of Alan Buxey
Sent: Monday, July 05, 2010 1:34 PM
To: FreeRadius users mailing list
Subject: Re: Who Talks to Who?

Hi,

> I'm new to FreeRADIUS and I still don't have a good sense of who talks to who.
> I've attached a small PDF-format diagram of what I'm trying to accomplish and
> my IDEA of who talks to who. Any links or feedback would be appreciated

clients (eg users' laptops) talk to NAS (eg wifi access point), which talk to RADIUS server, which then uses eg SQL, LDAP, AD or a flat file locally to authenticate.

a client doesn't talk directly to the RADIUS server (don't forget, in eg 802.1X environment, the client isn't even on the network...it's using eg EAPOL to talk over a L2 link to the access point).

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
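
The NAS-to-RADIUS-server hop described in the thread, as an added example that is not part of the original messages: the NAS builds an RFC 2865 Access-Request on the user's behalf, and the password is hidden under a secret shared only by the NAS and the server. It assumes a plain User-Password (PAP-style) request rather than EAP; the function names are hypothetical, and the secret, credentials and 192.0.2.1 address are constructed sample values.

```python
import hashlib
import ipaddress
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 1, 2, 4  # RFC 2865 code + attribute types

def _xor_chain(secret, authenticator, data, decrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (block if decrypt else res)
    return out

def hide_password(secret, authenticator, password):
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")  # null-pad to 16n
    return _xor_chain(secret, authenticator, padded, decrypt=False)

def recover_password(secret, authenticator, hidden):
    return _xor_chain(secret, authenticator, hidden, decrypt=True).rstrip(b"\x00")

def _attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value  # type, length, value

def nas_build_access_request(secret, nas_ip, user, password, ident=1):
    """What the NAS (gateway or access point) sends to the RADIUS server."""
    authenticator = os.urandom(16)  # fresh Request Authenticator per request
    attrs = (_attr(USER_NAME, user)
             + _attr(USER_PASSWORD, hide_password(secret, authenticator, password))
             + _attr(NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def server_parse_access_request(secret, packet):
    """What the RADIUS server does before checking credentials against its backend."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST or \
            struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 1 < len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return {"user": attrs[USER_NAME],
            "password": recover_password(secret, authenticator, attrs[USER_PASSWORD]),
            "nas_ip": str(ipaddress.IPv4Address(attrs[NAS_IP_ADDRESS]))}
```

The user's laptop appears nowhere in this exchange: only the NAS and the server hold the shared secret, which is why the server must be told about each NAS rather than about each end-user device.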

