+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Windows Thread, block Apple products (ipods and iphones ) on wireless in Technical; What we do here : We have two SSID. SSID1 Our RADIUS server only allow domain joined computers to connect ...
  1. #16

    Join Date
    May 2008
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    What we do here :

    We have two SSID.

    SSID1
    Our RADIUS server only allow domain joined computers to connect (computer authentication).

    SSID2
    Guest-WLAN, RADIUS server only allow the Staff group to connect via a form based-authentication.

    That way students can only use school computers on our WLAN, no ipod/iphone.

  2. #17

    Join Date
    May 2008
    Posts
    9
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    you might want to check packetfence also.
    PacketFence: Home

  3. #18
    Cue
    Cue is offline
    Cue's Avatar
    Join Date
    Mar 2009
    Location
    Hampshire
    Posts
    118
    Thank Post
    5
    Thanked 13 Times in 12 Posts
    Rep Power
    14
    Quote Originally Posted by Oops_my_bad View Post
    Unfortunately using whitelists/radius etc will not work.

    There is something very wrong with Apple's implementation of wireless which (not intentionally?) causes a denial of service to certain vendors access points when they try to connect, which also explains why your teacher laptops are being disconnected when these ipods/phones connect. Your access point is spazzing out.
    Do you have any links to something more in-depth regarding this? I'm intrigued...

    To the OP, I'd try to avoid locking down your Wi-Fi too much, I'm just speaking here as someone who likes to promote a more open and friendly environment, but once you start locking it down too much things get messy and staff get annoyed, I don't know of many schools where locking down any non-school equipment goes down well (don't even allow staff laptops on the Wi-Fi at mine, annoyingly).

  4. #19

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,051
    Thank Post
    209
    Thanked 427 Times in 307 Posts
    Rep Power
    144
    Quote Originally Posted by bart21 View Post
    i haad thought of certificate security but know little about this.

    is there any easy way to ban the mac address?

    i dont really want to have to type it into every ap as we have nearly 50

    Does anyone else have this problem?

    thanks

    nick
    Just use machine only authentication instead of user authentication, you don't even need certificates. Our RADIUS secured wireless system only lets devices with an authorised account in AD connect, user authentication is disabled.

    If you're using IAS as your authentication server it's a doddle. It also stops the issues you sometimes get when the machine changes from machine based to user based authentication at login when setup using the IAS defaults.

    IF you're using another RADIUS server however, I'm not sure if you can do it. IAS is the most popular if you don't have a managed system like Cisco with it's own RADIUS server built in.

    Mike.
    Last edited by maniac; 23rd March 2010 at 11:52 PM.

  5. Thanks to maniac from:

    bart21 (24th March 2010)

  6. #20
    bart21's Avatar
    Join Date
    Aug 2009
    Location
    peterborough
    Posts
    404
    Thank Post
    77
    Thanked 54 Times in 52 Posts
    Rep Power
    20
    thanks for that maniac,

    can you give me the steps to do that in IAS please

    (we do use IAS)

  7. #21
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    42
    Quote Originally Posted by bart21 View Post
    thanks for that maniac,

    can you give me the steps to do that in IAS please

    (we do use IAS)

    have a look here:

    http://www.edugeek.net/forums/networ...as-server.html

  8. #22

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,051
    Thank Post
    209
    Thanked 427 Times in 307 Posts
    Rep Power
    144
    To be honest, it was so long ago when I set this up I can't remember precisely all the steps - IAS and RADIUS is quite complex to get working, I seem to remember it took a lot of fiddling.

    Effectively it's the policy conditions in IAS you can change to allow authentication only if certain conditions are met. I created a group and called it 'Allow wireles connection' which I added all our wireless devices to - I then set the policy conditions to state 'NAS-Port-Type matches "Wireless - other OR Wireless - IEE 802.11" AND Windows-Groups matches "Allow Wireless Connection" - this ensures only devices that meet those two conditions are authenticated.

    I also changed our wireless group policy so it is set for Computer Only authentication - there's a box in there somewhere to do this. It did take me a little while to get this working properly, but now it is we have very few wireless problems in this school, and our access points are pretty old Cisco 1200 series ones.

    Incidently my wireless system doesn't even prompt for a username and password if un-authorised people try and connect to it now, it just sits there saying 'authenticating' then fails.

    Mike.

  9. #23

    Join Date
    Mar 2011
    Location
    Bolton
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Does this throw staff laptops off or just severely delay their connection? We have RM laptops, connecting wirelessly (getting an IP address), but then failing to get mapped drives, because Location Chooser (an RM program) cannot access Active directory objects

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. [Pics] Evolution Of The Apple Range Of Products
    By DaveP in forum Jokes/Interweb Things
    Replies: 14
    Last Post: 11th March 2010, 11:12 AM
  2. Eugh.. iPhones causing wireless DoS
    By Oops_my_bad in forum Wireless Networks
    Replies: 3
    Last Post: 31st January 2010, 11:20 PM
  3. Apple iPhones
    By Danielle in forum Other Stuff
    Replies: 23
    Last Post: 28th January 2010, 09:57 AM
  4. Computer Products ltd "Upsetting The APPLE Cart"
    By CPLTD in forum Our Advertisers
    Replies: 5
    Last Post: 23rd October 2009, 01:20 PM
  5. Wireless Guest Access for PDA's,Laptops,IPhones using VLAN
    By steveo2000 in forum Wireless Networks
    Replies: 15
    Last Post: 28th July 2009, 11:07 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •