https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31666#M2363 Thanks for the link the the radius-with-google container though.. I guess it can be quite useful in plenty of other situations! Thu, 09 Apr 2020 22:49:52 GMT diego_garcia_de 2020-04-09T22:49:52Z https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31664#M2361 We are using vSZ with WPA2 authentication, but we are also are implementing google cloud identy services. According to this post&nbsp;<A alt="" href="https://forums.ruckuswireless.com/ruckuswireless/topics/vsz-client-authentication-using-google-ldaps" name="" rel="nofollow" target="" title="" type="" value="">https://forums.ruckuswireless.com/ruckuswireless/topics/vsz-client-authentication-using-google-ldaps</A>&nbsp;we cannot connect directly to vSZ<BR alt="" name="" rel="" target="" title="" type="" value="" /><BR alt="" name="" rel="" target="" title="" type="" value="" />So now I'm wondering: should I spinup a freeradius server on an ip address which authenticates via the google LDAP (I've got the radius part working via this container&nbsp;<A alt="" href="https://github.com/hacor/unifi-freeradius-ldap" name="" rel="nofollow" target="" title="" type="" value="">https://github.com/hacor/unifi-freeradius-ldap</A>)&nbsp;<BR />Or should I spinup something like an LDAP proxy to google on an ip address (never tried that)&nbsp;?<BR /><BR />Is there a difference in performance?<BR /><BR />Our vSZ is running on gce. I'm also wondering if I should run this radius/ldap proxy on our local network or on gce for performance reasons...<BR /><BR />I hope somebody can help me with these decisions.<BR /><BR />Kind regards, Wessel&nbsp; Thu, 09 Apr 2020 22:14:57 GMT https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31664#M2361 wessel_louwris 2020-04-09T22:14:57Z https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31665#M2362 I still need to test it myself.. but I think an ldap proxy (to just add the certificate authentication that google wants) is probably the easiest option. Google mentions the use of stunnel (<A alt="" href="https://support.google.com/a/answer/9089736#stunnel" name="" rel="nofollow" target="" title="" type="" value="">https://support.google.com/a/answer/9089736#stunnel</A>) as a proxy but Im not sure if vsz as an ldap client can be tweaked enough to make it work. I would run stunnel in GCE though especially if you have smartzone hosted in GCE as well. You can do the whole authentication over private google IPs even. Thu, 09 Apr 2020 22:47:15 GMT https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31665#M2362 diego_garcia_de 2020-04-09T22:47:15Z https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31666#M2363 Thanks for the link the the radius-with-google container though.. I guess it can be quite useful in plenty of other situations! Thu, 09 Apr 2020 22:49:52 GMT https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/vsz-with-google-cloud-identity-ldap-or-radius/m-p/31666#M2363 diego_garcia_de 2020-04-09T22:49:52Z