Wednesday, July 24, 2019

Authentication on the network with FreeRADIUS and LDAP

Hi everyone,

So in my company we are trying to restrict the access to the network (Ethernet only) to only known computers. The configuration is pretty simple: n clients and 1 server, which acts as a DHCP server and an LDAP server.

My plan so far is to set up FreeRADIUS to act as a DHCP server and assign an IP to a newly connected device only if it has the appropriate certificate.

What I'm wondering is, in the LDAP, should I put the certificate for each device, against which each device certificate will be compared? Or should I just publish the CA certificate, and then FreeRADIUS will check if the client certificate has been signed by the CA?

Also, is there any particular configuration to do aside from configuring the connection between FreeRADIUS and LDAP and setting up the certificates?

Thanks for your help.


