Hi,

>    I'm new to radius so I have some basic questions regarding the design and
>    deployment of our freeradius server.
>    We want to use freeradius for our BYOD deployment. We have the following:
>    Ubuntu, OpenLDAP, Ruckus Zone Director and a Safe_Connect NAC. Our
>    passwords are not clear text in ldap. We would like to avoid client
>    certificates and we would like to do dynamic VLAN assignments.
>    I'd like to verify that I'm on the right track here with setting up the
>    protocols and types to use.
>    We have to use PAP because of not having clear text passwords?
>    To avoid client certificates, we can use PEAP type of EAP?

those 2 don't go together - you cannot have PAP with PEAP. EAP-TTLS has a PAP method
but then some clients don't have EAP-TTLS ability (and some do with an extra supplicant
installed).

>    Also, we have a wildcard domain SSL certificate, can this be used or do we
>    have to create a new one for this purpose on the server?

some clients don't like such... but so long as the RADIUS server is signed with a certificate
that has the required extensions you'll be okay

>    Is there a recommended configuration for this type of deployment? Do you
>    have any tips or tricks that would make our deployment go smoother?

?? there's hundreds of ways of deploying. however, so long as your LDAP backend has the entries
that allow you to distinguish between e.g. a registered device (e.g. known MAC) or type of ID, e.g. staff
or student, you can do the required policies. FreeRADIUS can return the required reply values
to your kit to instruct the VLAN/WLAN ID/number.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
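
The protocol point in the reply above, as an added example that is not part of the original message: with only salted hashes in LDAP, the server can check a password sent by PAP (inside EAP-TTLS) but has nothing to compute an MS-CHAPv2 response from. The compatibility table, function names and sample password are constructed for illustration, and MS-CHAPv2 as the PEAP inner method is an assumption, since the thread only says PEAP.

```python
import base64
import hashlib
import hmac

# Stored-credential formats each method can verify on the server side
# (illustrative table; "nt" means an NT hash kept alongside the LDAP entry).
COMPATIBLE = {
    "EAP-TTLS/PAP": {"cleartext", "nt", "md5", "smd5", "sha", "ssha", "crypt"},
    "PEAP/MSCHAPv2": {"cleartext", "nt"},
}


def make_ssha(password: str, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password+salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def scheme_of(user_password: str) -> str:
    """Return the storage scheme of a userPassword value ('cleartext' if untagged)."""
    if user_password.startswith("{") and "}" in user_password:
        return user_password[1:user_password.index("}")].lower()
    return "cleartext"


def usable_methods(user_password: str) -> list[str]:
    """List the methods from COMPATIBLE that can authenticate against this value."""
    scheme = scheme_of(user_password)
    return sorted(m for m, ok in COMPATIBLE.items() if scheme in ok)


def pap_verify_ssha(user_password: str, supplied: str) -> bool:
    """PAP check: recompute the salted hash from the password the client sent."""
    raw = base64.b64decode(user_password[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(supplied.encode() + salt).digest()
    return hmac.compare_digest(digest, candidate)


# Constructed sample entry, not taken from any real directory.
SAMPLE = make_ssha("correct horse", b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(scheme_of(SAMPLE), usable_methods(SAMPLE))
    print(pap_verify_ssha(SAMPLE, "correct horse"), pap_verify_ssha(SAMPLE, "wrong"))
```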
