CNaaS NAC - Active Directory

In order to offer a full NAC solution built on FreeRADIUS, we must be able to offer good integration with Microsoft Active Directory (AD).

From a very high level the architecture would look something like this:


The network device will communicate with FreeRADIUS, which will determine whether it should try to find the user in the local SQL database, do a lookup in AD, or act as a proxy and forward the request to Eduroam. If we are going to use AD, we will first authorise the user with NTLM and, in a second step, use LDAP to look up which groups the user belongs to and, based on that, assign VLANs etc.
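
The decision flow described above, modelled as an added example (not CNaaS NAC or FreeRADIUS code). It assumes realm-based routing, a made-up local realm, made-up group names and VLAN IDs, and a fail-closed policy for users who are in no mapped group; the function names are hypothetical.

```python
import re

# Assumptions for illustration: realm, group names and VLAN IDs are constructed.
LOCAL_REALMS = {"example.org"}
GROUP_VLANS = [("net-admins", 10), ("staff", 20), ("students", 30)]  # priority order
_LEADING_CN = re.compile(r"^CN=((?:\\.|[^,\\])+)", re.IGNORECASE)


def choose_backend(user_name, sql_users):
    """Pick 'proxy', 'sql' or 'ad' for a User-Name (assumed realm-based routing)."""
    user, sep, realm = user_name.rpartition("@")
    if not sep:                       # no '@': the whole string is the user
        user, realm = user_name, ""
    if realm and realm.lower() not in LOCAL_REALMS:
        return "proxy"                # foreign realm: forward to eduroam
    return "sql" if user in sql_users else "ad"


def group_cns(member_of):
    """Lower-cased leading CN of each memberOf DN; other RDNs are ignored."""
    cns = set()
    for dn in member_of:
        m = _LEADING_CN.match(dn.strip())
        if m:
            cns.add(m.group(1).lower())
    return cns


def vlan_attributes(member_of):
    """RFC 3580 VLAN reply attributes for the first matching group, else None."""
    cns = group_cns(member_of)
    for group, vlan in GROUP_VLANS:
        if group in cns:
            return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                    "Tunnel-Private-Group-Id": str(vlan)}
    return None


def ad_decision(ntlm_ok, member_of):
    """Two-step AD path: NTLM result first, then group lookup; fails closed."""
    if not ntlm_ok:
        return "Access-Reject", {}
    attrs = vlan_attributes(member_of)
    if attrs is None:                 # authenticated but in no mapped group
        return "Access-Reject", {}
    return "Access-Accept", attrs
```

Matching only the leading CN of each DN keeps a group that merely sits under an OU named like a privileged group from being mapped to that group's VLAN.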
