I'm playing around with 802.1x over the wire in a development environment at work and it's pretty much functional with the Windows and OS X hosts I've been testing with (OpenLDAP as backend userstore).
My next step is getting 802.1x working such that FreeRADIUS can authenticate users to different Active Directory user stores based on the domain provided.

What would be the best way to implement FreeRADIUS such that authorization/authentication requests are confirmed against different Active Directory domains based on the domain information provided with the username? Should I light up a new FreeRADIUS instance to correspond to each AD domain (or OpenLDAP) and proxy from the primary FreeRADIUS server handling 802.1x requests? Or should I handle it at the site configuration level and load a different 'ldap' module based on the domain provided with the username? Or is there another best practice?

---
Jonathan Ocab | [email protected]
Infrastructure Security Analyst
Computing and Communications
University of California, Riverside

