Backend FreeRADIUS with Directory-as-a-Service

By Greg Keller Posted June 5, 2015

Backend FreeRADIUS

Many organizations are leveraging FreeRADIUS as their RADIUS server to control access to network infrastructure equipment. RADIUS is one of the most widely used protocols to control access to the network and to network infrastructure gear.

The primary advantage of RADIUS is that it acts as a proxy for network access. RADIUS can be setup to be the authentication source itself, but many organizations leverage a directory service to be the backend source of identities.

FreeRADIUS with DaaS


JumpCloud’s Directory-as-a-Service® can now act as the source of identities with FreeRADIUS. For those organizations that do not have a directory service, but would like to add more control over their network infrastructure including WiFi, JumpCloud’s DaaS is an excellent solution to use in conjunction with FreeRADIUS.

Using RADIUS to Lock Down WiFi Access

While RADIUS can work with virtually all of your network infrastructure gear, let’s focus in on one primary use case and benefit: leveraging RADIUS to lock down your WiFi access points.

WiFi has become the most common method for employees to access the corporate network. The challenge has become that a single SSID and password is not secure enough.

Organizations need to lock down their network and the best way to do that is to tie access to your corporate identity. Those corporate identities are generally housed in a directory service, but some organizations do not have a directory. For example, many companies leverage Google Apps (now known as G Suite) which isn’t a directory and as a result many organizations are unable to leverage RADIUS.

With JumpCloud, those organizations can now leverage Google Apps and RADIUS and backend it with a true directory service.

How FreeRADIUS with DaaS works:

  • JumpCloud acts as your primary directory service – sign-up for JumpCloud and add your users to the cloud-based directory. As a reminder, JumpCloud’s DaaS authenticates, authorizes, and manages your users, their devices and IT applications. In short, Directory-as-a-Service gives you full control over your IT infrastructure.
  • Install FreeRADIUS – if you don’t already have FreeRADIUS, go ahead and install it.
  • Connect your WiFi to FreeRADIUS – as a next step, we’ll connect your wireless access point to FreeRADIUS. For our example, we use a Meraki access point, but most other WAPs support RADIUS as well.
  • Hook up your RADIUS server to auth with JumpCloud – your last major step is to connect your RADIUS server with JumpCloud.    

The Result of FreeRADIUS + DaaS

You are good to go. Your next step is to do a round trip test by logging into your WiFi network with your credentials.

Now every user on your network will login to your network with unique credentials. No more letting everybody on the network with a common login.

Your users will enter their credentials into their supplicant once – and after that they will jump on your network every time. In general, this turns out to be a better user experience than backending your wireless network LDAP, although the level of security is largely the same.

Should You Backend FreeRADIUS with DaaS?

If you are leveraging FreeRADIUS already and would like to have the authentication source be a directory, take a look at JumpCloud’s Directory-as-a-Service. The SaaS-based directory service is one of the easiest, most efficient ways to implement directory services. You can try it out for yourself by. Your first 10 users are free forever – no credit card required.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts