FreeRADIUS MFA with Amazon Active Directory

Question

Hi, 
AWS AD can't communicate with the FreeRADIUS instance in one VPC through the private IP. Only with public IP. Should I create private subnets and move both services there?

Accepted Answer

Best Practices documentation recommends your WorkSpaces and AD infrastructure reside in a private subnet:  https://docs.aws.amazon.com/whitepapers/latest/best-practices-deploying-amazon-workspaces/vpc-design.html#example-of-a-typical-configuration

As the FreeRadius server you deploy per [this blog](https://aws.amazon.com/blogs/desktop-and-application-streaming/integrating-freeradius-mfa-with-amazon-workspaces/) needs to communicate with the AD infrastructure it should be deployed in a subnet which is reachable from your AD subnet. The [Reachability Analyzer](https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html) may be able to help you troubleshoot further.

FreeRADIUS MFA with Amazon Active Directory

相关内容