
vsz with google cloud identity: ldap or radius

New Contributor
We are using vSZ with WPA2 authentication, but we are also implementing Google Cloud Identity services. According to this post we cannot connect directly to vSZ.

So now I'm wondering: should I spin up a FreeRADIUS server on an IP address which authenticates via the Google LDAP (I've got the RADIUS part working via this container)?
Or should I spin up something like an LDAP proxy to Google on an IP address (never tried that)?

Is there a difference in performance?

Our vSZ is running on GCE. I'm also wondering if I should run this RADIUS/LDAP proxy on our local network or on GCE for performance reasons...

I hope somebody can help me with these decisions.

Kind regards, Wessel 

Contributor III
I still need to test it myself, but I think an LDAP proxy (to just add the certificate authentication that Google wants) is probably the easiest option. Google mentions the use of stunnel as a proxy, but I'm not sure if vSZ as an LDAP client can be tweaked enough to make it work. I would run stunnel in GCE though, especially if you have SmartZone hosted in GCE as well. You can do the whole authentication over private Google IPs even.
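
A sketch of the stunnel setup discussed in the reply above, as an added example that is not part of the original posts and not Google's or Ruckus's own configuration: stunnel runs in client mode on a GCE instance, accepts plain LDAP from vSZ on a private address, and forwards it over TLS to Google Secure LDAP with the client certificate. The listen address, port, service account and file paths are assumed placeholders; `ldap.google.com:636` is the Google Secure LDAP endpoint.

```ini
; /etc/stunnel/google-ldap.conf (path is an assumption)
; Run unprivileged; the stunnel4 user/group is an assumed local account.
setuid = stunnel4
setgid = stunnel4

[google-ldap]
; Client mode: stunnel speaks TLS to Google, plain LDAP to vSZ.
client = yes

; Listen only on the instance's private address (constructed value),
; never 0.0.0.0: the vSZ-to-stunnel leg is unencrypted LDAP, so it must
; stay on the private network and be firewalled to the vSZ address only.
accept = 10.0.0.5:1389

; Google Secure LDAP endpoint (LDAPS).
connect = ldap.google.com:636

; Client certificate and key downloaded from the Google Admin console
; for the LDAP client (file names are placeholders). Keep the key
; readable only by the stunnel account.
cert = /etc/stunnel/google-ldap-client.crt
key = /etc/stunnel/google-ldap-client.key

; Verify the server so the proxy does not hand bind credentials to an
; impostor: validate the chain against the system CA bundle and require
; the certificate to match the host name.
CAfile = /etc/ssl/certs/ca-certificates.crt
verifyChain = yes
checkHost = ldap.google.com

; Refuse legacy protocol versions.
sslVersionMin = TLSv1.2
```

With this in place vSZ would be pointed at the proxy's private address and port as an ordinary LDAP server; whether vSZ accepts that as an LDAP client is the open question raised in the reply.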

Contributor III
Thanks for the link to the radius-with-google container though. I guess it can be quite useful in plenty of other situations!