This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Community
- RUCKUS Technologies
- RUCKUS Lennar Support
- Community Services
- RTF
- RTF Community
- Australia and New Zealand – English
- Brazil – Português
- China – 简体中文
- France – Français
- Germany – Deutsch
- Hong Kong – 繁體中文
- India – English
- Indonesia – bahasa Indonesia
- Italy – Italiano
- Japan – 日本語
- Korea – 한국어
- Latin America – Español (Latinoamérica)
- Middle East & Africa – English
- Netherlands – Nederlands
- Nordics – English
- North America – English
- Poland – polski
- Russia – Русский
- Singapore, Malaysia, and Philippines – English
- Spain – Español
- Taiwan – 繁體中文
- Thailand – ไทย
- Turkey – Türkçe
- United Kingdom – English
- EOL Products
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- RUCKUS Forums
- RUCKUS Technologies
- SZ / vSZ
- Re: vsz with google cloud identity: ldap or radius
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
vsz with google cloud identity: ldap or radius
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2020 03:14 PM
We are using vSZ with WPA2 authentication, but we are also are implementing google cloud identy services. According to this post https://forums.ruckuswireless.com/ruckuswireless/topics/vsz-client-authentication-using-google-ldaps we cannot connect directly to vSZ
So now I'm wondering: should I spinup a freeradius server on an ip address which authenticates via the google LDAP (I've got the radius part working via this container https://github.com/hacor/unifi-freeradius-ldap)
Or should I spinup something like an LDAP proxy to google on an ip address (never tried that) ?
Is there a difference in performance?
Our vSZ is running on gce. I'm also wondering if I should run this radius/ldap proxy on our local network or on gce for performance reasons...
I hope somebody can help me with these decisions.
Kind regards, Wessel
So now I'm wondering: should I spinup a freeradius server on an ip address which authenticates via the google LDAP (I've got the radius part working via this container https://github.com/hacor/unifi-freeradius-ldap)
Or should I spinup something like an LDAP proxy to google on an ip address (never tried that) ?
Is there a difference in performance?
Our vSZ is running on gce. I'm also wondering if I should run this radius/ldap proxy on our local network or on gce for performance reasons...
I hope somebody can help me with these decisions.
Kind regards, Wessel
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2020 03:47 PM
I still need to test it myself.. but I think an ldap proxy (to just add the certificate authentication that google wants) is probably the easiest option. Google mentions the use of stunnel (https://support.google.com/a/answer/9089736#stunnel) as a proxy but Im not sure if vsz as an ldap client can be tweaked enough to make it work. I would run stunnel in GCE though especially if you have smartzone hosted in GCE as well. You can do the whole authentication over private google IPs even.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2020 03:49 PM
Thanks for the link the the radius-with-google container though.. I guess it can be quite useful in plenty of other situations!
Labels
-
9210
1 -
AD
1 -
AP Controller Connectivity
1 -
AP Management
3 -
API Help
1 -
Client Management
3 -
er
1 -
Google
1 -
Guest Access
2 -
IP Multicast
1 -
Proposed Solution
3 -
RADIUS
2 -
RUCKUS Self-Help
8 -
SmartZone
4 -
SmartZone or vSZ
6 -
Social Media
1 -
Solution Proposed
3 -
string
1 -
Traffic Management-
1 -
User Management
2 -
vSZ
2 -
Wifi
1 -
WLAN Management
2
- « Previous
- Next »
