+ Post New Thread
Results 1 to 10 of 10
How do you do....it? Thread, radius with guests in Technical; I've just set up radius to authenicate using ad to check computer accounts. Can anyone recommend away of getting guest ...
  1. #1

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86

    radius with guests

    I've just set up radius to authenicate using ad to check computer accounts.

    Can anyone recommend away of getting guest computers onto and off the wireless easily?

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: radius with guests

    Do your Wireless AP's support VLAN isolation? If they do, use that. Instead of getting no connection at all they will be put in this seperate VLAN where you can grant access to whatever specific systems you want (I'd guess internet access?)

    If you have cheap APs that don't do this, check if you can flash them with OpenWRT. You can get the functionality that way.

    Failing that, no.

  3. #3

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86

    Re: radius with guests

    drat!, would creating a dummy computer in AD be enough for radius to authenticate?

    (sorry to ask a dumb question, i dont have a laptop to test it on atm)

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: radius with guests

    No, the computer needs a valid account in AD to be able to authenticate. If you've not done the 'add computer to the domain' thing locally on the machine it wont have the required cryptographic credentials to authenticate.

    Basically, you have to add the machine to the domain for the radius authentication to be successful. That's the whole point.

  5. #5
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34

    Re: radius with guests

    We have multiple RADIUS authentication rules.

    One which allows a list of Laptop computers;
    One which allows a list of Users;

    If you copy the rule that you use for the computer authentication, but apply it to a group into which you just put the "extra" users (which would have to be created in your AD). You would also have to change some of the logon/authentication on the laptop, there's a tick box that is something like "user logged on username" and "authenticate as computer" which will have to be changed.

    Then when the laptop/user attempt to connect they get a message about more credentials needed, and they have to type in username / password / domain.

    -- This is from memory, but I can the details check on friday.

  6. #6

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86

    Re: radius with guests

    thanks user, that would be great, i've managed to do it with my pda by importing a certificate (which i'm happy to manually put on said laptops) so i know something is possible.

  7. #7

    Join Date
    Mar 2007
    Posts
    1,762
    Thank Post
    79
    Thanked 290 Times in 221 Posts
    Rep Power
    86

    Re: radius with guests

    fixed! if anyone wants to know how feel free to pm me.

  8. #8

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,457
    Thank Post
    645
    Thanked 1,612 Times in 1,443 Posts
    Rep Power
    419

    Re: radius with guests

    Please post the details of what you did in order to help people searching in the future.

    Ben

  9. #9

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,625
    Thank Post
    49
    Thanked 460 Times in 336 Posts
    Rep Power
    140

    Re: radius with guests

    You can use MAC addresses in a Radius Authentication Policy too..
    This useful for locking switch connections down.
    Especially in halls of Residence and the likes.
    Stops people connecting unauthorised devices to you LAN outlets or AP's

  10. #10
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by plexer View Post
    Please post the details of what you did in order to help people searching in the future.

    Ben
    Seconded... Having someone post up a "Hey I know PM me to find out" is counter to this forums whole purpose isn't it..

    Grr... sorry but having all sorts of fun with wireless and this nugget would have been a {deity} send.

    FWIW (and I'd appreciate a little feedback on this)... I've got a second rule in the RADIUS server which uses these rules:

    - Windows group matches Domain Staff (ie: user is in a specific security group we want to be able to use this)
    - No other changes in the profile

    On the client machine setup the wlan manually with these settings:
    - WPA
    - TKIP
    - Auth as protected EAP (as setup in the RADIUS originally)
    - Untick the "authenticate as computer when... " box
    - In properties Untick the "Validate server certificate" (you should really be installing the cert on the machines you want to use this with though!)
    - For "Select Auth.. Method" choose the EAP-MSCHAP v2
    - In Configure > Untick the "Automatically use my Windows logon name.." as you doubtless want to authenticate manually
    - OK everything and it should work unless I'm missing something.

    You should then, when you try to connect get a login request for Username, pass and domain... Took a few moments to get it working for me but it is now.


    Of course the downside to all of this is that you have to manually handle most of this.



    Now, if anyone knows how to allow a WPA-PSK through using RADIUS then that would be great... *smiles sweetly*

SHARE:
+ Post New Thread

Similar Threads

  1. RADIUS and IAS
    By HodgeHi in forum Wireless Networks
    Replies: 98
    Last Post: 30th April 2009, 10:39 AM
  2. How does Radius work?
    By ranj in forum Wireless Networks
    Replies: 3
    Last Post: 4th January 2008, 12:42 PM
  3. DCs on VMWare Server guests
    By Norphy in forum Thin Client and Virtual Machines
    Replies: 3
    Last Post: 6th February 2007, 12:35 PM
  4. How many guests?
    By E1uSiV3 in forum General Chat
    Replies: 4
    Last Post: 27th November 2005, 10:22 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •