Recommendations for Replacing Our RADIUS Server with a Modern Solution

Asked By CoolCat42 On

Hey everyone, I'm looking to modernize our wireless authentication system as our current setup with Active Directory and NPS is getting a bit outdated. We're currently using PEAP-MSCHAPv2 for authentication to avoid certificate installations on personal devices, since we have a mix of BYOD and external clients accessing the network.

On the Wi-Fi end, we use FortiAPs with dynamic VLAN assignments based on users' group memberships. However, there are several limitations, such as the reliance on outdated NTLM authentication, the need to disable Credential Guard on our Intune profiles, and the inherent weaknesses of MSCHAPv2.

I'm exploring alternatives that won't depend on machine certificates, can manage users and VLAN assignments, offer logging capabilities, and come with a user-friendly interface. Ideally, it should be self-hosted with deployment options through a minimal Docker stack, support non-English translations, and be IPv6 compatible.

While I have looked into options like FreeRADIUS (too complex), PacketFence (not quite right), and maintaining our current setup (not ideal), I'm also considering FreeIPA, but I haven't found much on its Docker compatibility. Do any of you have recommendations? Thanks!

5 Answers

Answered By NetworkNinja88 On

You might be dismissing EAP-TLS too quickly. It can work with user certificates instead of machine certificates, which could be a game changer for BYOD. You could maintain your VLAN assignments with NPS while shifting the focus from passwords to managing certificate issuance.

Answered By SysAdminSammy On

Honestly, keeping AD might be your best bet, especially with Windows endpoints in your environment. Have you checked out Aruba ClearPass? It's feature-rich and could work well as a RADIUS replacement.

Answered By CloudWizard On

We're using a hybrid setup with cloud PKI instead of RADIUS, and it’s been fantastic for our needs. It's definitely worth looking into!

Answered By TechGuru99 On

Have you thought about using a captive portal with 365 SSO login? It might simplify things, especially when user passwords change or expire. It could handle re-authentication easily compared to traditional RADIUS setups. For managed devices, I'd still recommend certificate-based authentication.

Answered By DevOpsDude22 On

Have you looked into Splashtop Foxpass? It's been looking like a solid tool for RADIUS replacement tasks.
