1.7 KiB
1.7 KiB
Now
- Probably MS Radius Server. -> Network Policy Server on gg-srv-pd-app-01
!
- eap type: secured peap (proprietary?)
- mschapv2 as second next
TODO
- ruckus network config
- network config
- Ruckus filter via username (identity + group). If user already connected with one device do not allow other device. Measure time -> next 8 hours device is connected and can not connect with other device
- test authentication with user not being in ldap group
- Restrict user login to only one device at a time
- Auto logout after 8h
Notes
- MS AD makes things complicated
- RADIUS does not get 'good password' from AD which it needs
Questions
- Which authorization and authentication methods do the iPads use?
- How should the system behave when the same user connects with different devices?
- Do we track the used devices?
- Are rules applied depending on the user or/and on the device?
Resources
- ruckus radius attributes
- https://www.golinuxcloud.com/configure-freeradius-pap-chap-authentication/
- https://www.freeradius.org/documentation/freeradius-server/3.2.8/concepts/modules/ldap/authentication.html
- https://www.inkbridgenetworks.com/blog/blog-10/how-to-connect-freeradius-to-active-directory-for-authentication-105
- https://www.inkbridgenetworks.com/blog/blog-10/can-you-use-freeradius-and-active-directory-together-121
- https://cloudinfrastructureservices.co.uk/setup-freeradius-active-directory-authentication-integration/
- https://nbailey.ca/post/peap-freeradius/