New install samba or LDAP

New install samba or LDAP

Users mailing list
Hi Folks,

After years of running NPS for RADIUS we are getting started with
freeRADIUS. Use will be primarily for our eduroam 802.1x wireless network.
We have a single site with 4 AD DCs. Expected load is a few authentications
per second (4,000 users, 10K+ devices).

A few years back we migrated away from samba/winbind and all systems now
use an LDAP-based sssd config. Most of the freeRADIUS guides I've come
across document using samba; we are more familiar with LDAP than samba.

What is the recommendation for new installations - samba or LDAP? Are there
significant pros and cons to either approach? Thanks!

ajs
--
*Tony Skalski*
System Administrator | IT

*Office: *507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New install samba or LDAP

Alan DeKok-2
On Dec 9, 2020, at 2:49 PM, Tony Skalski via Freeradius-Users <[hidden email]> wrote
> After years of running NPS for RADIUS we are getting started with
> freeRADIUS. Use will be primarily for our eduroam 802.1x wireless network.
> We have a single site with 4 AD DCs. Expected load is a few authentications
> per second (4,000 users, 10K+ devices).
>
> A few years back we migrated away from samba/winbind and all systems now
> use an LDAP-based sssd config. Most of the freeRADIUS guides I've come
> across document using samba; we are more familiar with LDAP than samba.

  The main reason people use Samba is for integration with Active Directory.  If you're not using AD, there's less reason to use Samba.

> What is the recommendation for new installations - samba or LDAP? Are there
> significant pros and cons to either approach? Thanks!

  If you don't need AD, just use LDAP.

  Alan DeKok.



Re: New install samba or LDAP

Users mailing list
Thanks. We do have AD, and will use it for authn and authz. The LDAP config
looked more straightforward than the samba config. Are there any downsides
to using just LDAP in an AD environment?

On Wed, Dec 9, 2020 at 2:08 PM Alan DeKok <[hidden email]> wrote:

> On Dec 9, 2020, at 2:49 PM, Tony Skalski via Freeradius-Users <[hidden email]> wrote
> > After years of running NPS for RADIUS we are getting started with
> > freeRADIUS. Use will be primarily for our eduroam 802.1x wireless network.
> > We have a single site with 4 AD DCs. Expected load is a few authentications
> > per second (4,000 users, 10K+ devices).
> >
> > A few years back we migrated away from samba/winbind and all systems now
> > use an LDAP-based sssd config. Most of the freeRADIUS guides I've come
> > across document using samba; we are more familiar with LDAP than samba.
>
>   The main reason people use Samba is for integration with Active Directory.  If you're not using AD, there's less reason to use Samba.
>
> > What is the recommendation for new installations - samba or LDAP? Are there
> > significant pros and cons to either approach? Thanks!
>
>   If you don't need AD, just use LDAP.
>
>   Alan DeKok.



--
*Tony Skalski*
System Administrator | IT

*Office: *507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu

Re: New install samba or LDAP

Alan DeKok-2


> On Dec 9, 2020, at 3:31 PM, Tony Skalski via Freeradius-Users <[hidden email]> wrote:
>
> Thanks. We do have AD, and will use it for authn and authz.

  OK.

> The LDAP config
> looked more straightforward than the samba config. Are there any downsides
> to using just LDAP in an AD environment?

  AD isn't an LDAP server.  It pretends to be one, but it's not really.

  If you plan on using PEAP, you *must* use Samba.  See my web site for more details:  http://deployingradius.com

  Alan DeKok.
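
For context on the PEAP requirement above, an added example (not from the thread or from the FreeRADIUS project): PEAP's usual inner method, MS-CHAPv2, never gives the server a cleartext password to bind to LDAP with, and AD does not return password hashes over LDAP, so the `mschap` module passes the challenge and response to Samba's `ntlm_auth` for a domain controller to check. The `/usr/bin/ntlm_auth` path and a domain-joined host running winbindd are assumptions.

```conf
# mods-available/mschap (FreeRADIUS 3.x layout)
mschap {
	# Hand the MS-CHAP challenge and NT response to Samba, which asks a DC
	# to verify them. Assumptions: the host is joined to the AD domain,
	# winbindd is running, the radiusd user can reach winbindd's privileged
	# pipe, and ntlm_auth is installed at /usr/bin/ntlm_auth.
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```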



Re: New install samba or LDAP

Users mailing list
> If you plan on using PEAP, you *must* use Samba

This is the piece of info I needed. And I am using your web site as my
guide. Thanks!

On Wed, Dec 9, 2020 at 3:30 PM Alan DeKok <[hidden email]> wrote:

> > On Dec 9, 2020, at 3:31 PM, Tony Skalski via Freeradius-Users <[hidden email]> wrote:
> >
> > Thanks. We do have AD, and will use it for authn and authz.
>
>   OK.
>
> > The LDAP config
> > looked more straightforward than the samba config. Are there any downsides
> > to using just LDAP in an AD environment?
>
>   AD isn't an LDAP server.  It pretends to be one, but it's not really.
>
>   If you plan on using PEAP, you *must* use Samba.  See my web site for more details:  http://deployingradius.com
>
>   Alan DeKok.



--
*Tony Skalski*
System Administrator | IT

*Office: *507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057
stolaf.edu