RADIUS Server Without Active Directory®

By Zach DeMeyer Posted November 24, 2019


Can you implement a RADIUS server without Active Directory® (AD) backending it? For a long time in IT, admins used the on-prem directory service as the source of user data for their RADIUS servers, ensuring their networks were as secure as possible. With the prevalence of the cloud in the IT landscape, however, on-prem server functions seem to be going out of style. So, the question becomes: how do you shift RADIUS to the cloud without AD backending it?

Why RADIUS?

When compared to traditional methods, using RADIUS — or the Remote Access Dial-In User Service — allows organizations to tighten up their network security more thoroughly. Many organizations implement RADIUS to require a unique set of credentials to authenticate users to WiFi networks, which, when used in addition to just a shared WPA key, reduces the likelihood of a network breach.

RADIUS also enables the use of multi-factor authentication (MFA) on VPN connections. Although MFA is a more recent trend, securing VPNs was one of RADIUS’s core use cases.

Managing RADIUS Access through AD

In order to properly authenticate access, RADIUS requires a directory to compare relayed credentials against. Most RADIUS servers can authenticate against user credentials stored within the server itself, but the process is made more secure by leveraging the core identity from a directory service. Given that AD has dominated the directory services scene since its inception, it made sense to pair it with RADIUS. Plus, historically, RADIUS servers have generally been housed on-prem, which puts them directly within reach of the AD domain controller.
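How a server compares relayed credentials against a directory, as an added example that is not from the original post: the network device hides the PAP password per RFC 2865 section 5.2 using the shared secret, and the server recovers it and checks it against a user store. The `DIRECTORY` dict, `directory_check` and `handle_access_request` are hypothetical stand-ins for a real directory lookup, and all sample values are constructed.

```python
import hashlib
import hmac
import os

def _keystream(secret: bytes, prev: bytes) -> bytes:
    return hashlib.md5(secret + prev).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: RFC 2865 section 5.2 hiding of the User-Password attribute."""
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], _keystream(secret, prev))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding to recover the relayed password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], _keystream(secret, prev))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _enroll(password: bytes) -> tuple:
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

# Constructed stand-in for a directory: username -> (salt, password hash).
DIRECTORY = {"alice": _enroll(b"correct horse battery staple")}

def directory_check(username: str, password: bytes) -> bool:
    """Hypothetical lookup; a real server would query the directory service."""
    salt, stored = DIRECTORY.get(username, (b"\x00" * 16, b""))
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return hmac.compare_digest(candidate, stored)

def handle_access_request(username, hidden, secret, authenticator) -> str:
    password = reveal_password(hidden, secret, authenticator)
    ok = directory_check(username, password)
    return "Access-Accept" if ok else "Access-Reject"
```

A request hidden with the wrong shared secret decodes to garbage and is rejected the same way as a wrong password, which is why the secret configured on the network device must match the one on the server.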

In fact, Microsoft® created its own RADIUS-like solution called Windows® NPS to provide RADIUS-like capabilities to the AD domain. For much of the early 21st century, IT admins equipped with Active Directory and NPS or a standalone RADIUS server, such as FreeRADIUS, could rest assured that they had tightly controlled network access.

The Cloud Changed Everything

Although they don’t have direct interactions with RADIUS, the host of cloud applications and infrastructure that has risen in prevalence in the modern IT (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/radius-without-ad/

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
