Smoothwall/Ruckus guest WLAN

badders · 20-11-2009, 11:06 AM

Is anybody using Smoothwall and Ruckus and managed to get a guest WLAN working. We have no problem setting up a school WLAN for domain attached devices, but would like to enable students to use their own laptops to access the internet by authenticating against thier AD account. We've got as far as setting up another WLAN for students that asks for authentication using the Ruckus portal to authorize the device but then when we try to browse the internet Smoothwall blocks access due to the local user of the laptop being an unauthorised user. Would we have to use VLans with a separate DHCP server?

tom_newton · 20-11-2009, 11:37 AM

I wonder how the traffic is hitting Smoothie... if you want authentication, non-domain users *should* get a popup if they are presented with an ntlm handshake. Is ruckus proxying the traffic first?

You could potentially give "unauthenticated IPs" some very limited web access? You'd lose a bit of visibility though.

badders · 20-11-2009, 01:51 PM

We.ve manually set smoothwall as the proxy in the non-domain client, but we don't seem to get a pop-up asking for username/password. Would this be related to the SSL login settings in smoothwall?

tom_newton · 20-11-2009, 03:40 PM

Are you using NTLM on the domain?

badders · 20-11-2009, 04:23 PM

Smoothwall is set to use NTLM identification.

pantscat · 20-11-2009, 04:33 PM

Change it to NTLM authentication and hey-presto! I bet it will work...

Actually... scrap that. NTLM identification should work too...

badders · 01-12-2009, 10:00 AM

Tried both NTLM authentication and NTLM identifcation, a guest trying to access the internet still gets the unauthenticated ip/ username not allowed. I was expecting a popup box from smoothwall asking for a username password if the logged on account is not located in AD. Is this possible?

tom_newton · 01-12-2009, 03:31 PM

OOh... guest.. hmm. If they are not authed, the smoothie would probably pass the "who are ye request" back to the Ruckus box, and it may get filtered there. A tough one.

Maybe we can set this situation up at BETT if we can find an AD. Or perhaps we can borrow a ruckus for 5.

DMcCoy · 01-12-2009, 03:43 PM

Windows will helpfully return the details of the current user. You will need to use basic authentication to get IE to prompt. We had to run an additional instance of smoothwall due to only being able to use one auth method.

tom_newton · 01-12-2009, 05:24 PM

..which we promise to fix ASAP (we're working on it, honest

)

Edu-IT · 01-12-2009, 08:48 PM

Quote:

Originally Posted by tom_newton

OOh... guest.. hmm. If they are not authed, the smoothie would probably pass the "who are ye request" back to the Ruckus box, and it may get filtered there. A tough one.

Maybe we can set this situation up at BETT if we can find an AD. Or perhaps we can borrow a ruckus for 5.

You could use the one on the EG stand?

Welcome, Register for free! or Login below:
User Name		Remember Me?
Password

20-11-2009, 11:06 AM	#1
badders Join Date: Apr 2007 Location: Cumbria Posts: 48 Thanks: 16 Thanked 3 Times in 2 Posts Rep Power: 6	Smoothwall/Ruckus guest WLAN Is anybody using Smoothwall and Ruckus and managed to get a guest WLAN working. We have no problem setting up a school WLAN for domain attached devices, but would like to enable students to use their own laptops to access the internet by authenticating against thier AD account. We've got as far as setting up another WLAN for students that asks for authentication using the Ruckus portal to authorize the device but then when we try to browse the internet Smoothwall blocks access due to the local user of the laptop being an unauthorised user. Would we have to use VLans with a separate DHCP server?

20-11-2009, 04:23 PM	#5
badders Join Date: Apr 2007 Location: Cumbria Posts: 48 Thanks: 16 Thanked 3 Times in 2 Posts Rep Power: 6	Smoothwall is set to use NTLM identification. Last edited by badders; 20-11-2009 at 04:24 PM.. Reason: Wrong info

20-11-2009, 04:33 PM	#6
pantscat Join Date: Oct 2005 Posts: 47 Thanks: 5 Thanked 1 Time in 1 Post Rep Power: 0	Change it to NTLM authentication and hey-presto! I bet it will work... Actually... scrap that. NTLM identification should work too... Last edited by pantscat; 20-11-2009 at 04:44 PM.. Reason: Bad advice!

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
RUCKUS help - Guest access & the internet via Proxy	jamin100	Networks	15	01-10-2009 11:49 PM
Ruckus Managed Wireless Causing A Ruckus!	CPLTD	Our Advertisers	4	21-08-2009 09:25 AM
Caretakers wlan	blacksheep	General Chat	36	01-05-2009 03:02 PM
WLAN suggestions	Domino	Networks	18	25-10-2007 12:29 PM

		EduGeek.net Forums > Technical > Internet Related/Filtering/Firewall
Smoothwall/Ruckus guest WLAN

20-11-2009, 11:37 AM	#2
tom_newton Join Date: Sep 2006 Location: Leeds Posts: 1,958 Thanks: 171 Thanked 260 Times in 194 Posts Rep Power: 59	I wonder how the traffic is hitting Smoothie... if you want authentication, non-domain users should get a popup if they are presented with an ntlm handshake. Is ruckus proxying the traffic first? You could potentially give "unauthenticated IPs" some very limited web access? You'd lose a bit of visibility though.

20-11-2009, 01:51 PM	#3
badders Join Date: Apr 2007 Location: Cumbria Posts: 48 Thanks: 16 Thanked 3 Times in 2 Posts Rep Power: 6	We.ve manually set smoothwall as the proxy in the non-domain client, but we don't seem to get a pop-up asking for username/password. Would this be related to the SSL login settings in smoothwall?

20-11-2009, 03:40 PM	#4
tom_newton Join Date: Sep 2006 Location: Leeds Posts: 1,958 Thanks: 171 Thanked 260 Times in 194 Posts Rep Power: 59	Are you using NTLM on the domain?

01-12-2009, 10:00 AM	#7
badders Join Date: Apr 2007 Location: Cumbria Posts: 48 Thanks: 16 Thanked 3 Times in 2 Posts Rep Power: 6	Tried both NTLM authentication and NTLM identifcation, a guest trying to access the internet still gets the unauthenticated ip/ username not allowed. I was expecting a popup box from smoothwall asking for a username password if the logged on account is not located in AD. Is this possible?

01-12-2009, 03:31 PM	#8
tom_newton Join Date: Sep 2006 Location: Leeds Posts: 1,958 Thanks: 171 Thanked 260 Times in 194 Posts Rep Power: 59	OOh... guest.. hmm. If they are not authed, the smoothie would probably pass the "who are ye request" back to the Ruckus box, and it may get filtered there. A tough one. Maybe we can set this situation up at BETT if we can find an AD. Or perhaps we can borrow a ruckus for 5.

01-12-2009, 03:43 PM	#9
DMcCoy Join Date: Oct 2005 Location: Isle of Wight Posts: 2,674 Thanks: 6 Thanked 300 Times in 254 Posts Rep Power: 69	Windows will helpfully return the details of the current user. You will need to use basic authentication to get IE to prompt. We had to run an additional instance of smoothwall due to only being able to use one auth method.

01-12-2009, 05:24 PM	#10
tom_newton Join Date: Sep 2006 Location: Leeds Posts: 1,958 Thanks: 171 Thanked 260 Times in 194 Posts Rep Power: 59	..which we promise to fix ASAP (we're working on it, honest )

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search Thread
Show Printable Version Email this Page	Search Thread: Advanced Search

Internet Related forum sponsored by

Smoothwall/Ruckus guest WLAN