[TriLUG] LDAP/Radius caching solution

William Chandler wcchandler at gmail.com
Mon Dec 9 07:58:15 EST 2013


Hey LUG,

I'm looking to poll the audience and gauge a public opinion on this.

I'm looking to spin up a couple LDAP or Radius servers which will
function mostly as a cache for authentication requests and keep some
calls off our main server.  Right now, we're using Active Directory
for the LDAP with a mix of Microsoft's IAS (internet authentication
services) and NPS (network policy server) to handle radius calls.

This is just for handling our 802.1x authentication over wifi
(potentially wired in the future), so peap and mschap are the bare
minimums for encryption.  I think most of the big boys handle this
(389, directory services, freeradius, samba, etc.).

I guess what I'm asking is, how would y'all tackle this?

My thinking was just spinning up freeradius, point it to our LDAP and
call it a day.  But the idea of running samba as an LDAP server is
also appealing.  Would it really buy me anything to go into a full
identity management solution like freeipa?

Also, to help with a scope, our LDAP has ~50,000 OUs and we're
handling 5-10 radius requests per second.

Thanks!
--William

