Windows Thread, block Apple products (iPods and iPhones) on wireless in Technical
23rd March 2010, 11:21 PM #16
What we do here:
We have two SSIDs.
Our RADIUS server only allows domain-joined computers to connect (computer authentication).
Guest-WLAN, RADIUS server only allows the Staff group to connect via form-based authentication.
That way students can only use school computers on our WLAN, no iPod/iPhone.
23rd March 2010, 11:23 PM #17
You might want to check PacketFence also.
24th March 2010, 12:24 AM #18
Do you have any links to something more in-depth regarding this? I'm intrigued...
Originally Posted by Oops_my_bad
To the OP, I'd try to avoid locking down your Wi-Fi too much, I'm just speaking here as someone who likes to promote a more open and friendly environment, but once you start locking it down too much things get messy and staff get annoyed, I don't know of many schools where locking down any non-school equipment goes down well (don't even allow staff laptops on the Wi-Fi at mine, annoyingly).
24th March 2010, 12:50 AM #19
Just use machine only authentication instead of user authentication, you don't even need certificates. Our RADIUS secured wireless system only lets devices with an authorised account in AD connect, user authentication is disabled.
Originally Posted by bart21
If you're using IAS as your authentication server it's a doddle. It also stops the issues you sometimes get when the machine changes from machine-based to user-based authentication at login when set up using the IAS defaults.
If you're using another RADIUS server however, I'm not sure if you can do it. IAS is the most popular if you don't have a managed system like Cisco with its own RADIUS server built in.
Last edited by maniac; 24th March 2010 at 12:52 AM.
24th March 2010, 09:23 AM #20
Thanks for that, maniac.
Can you give me the steps to do that in IAS, please?
(We do use IAS.)
24th March 2010, 10:45 AM #21
24th March 2010, 10:50 AM #22
To be honest, it was so long ago when I set this up I can't remember precisely all the steps - IAS and RADIUS are quite complex to get working, I seem to remember it took a lot of fiddling.
Effectively it's the policy conditions in IAS you can change to allow authentication only if certain conditions are met. I created a group and called it 'Allow wireless connection' which I added all our wireless devices to - I then set the policy conditions to state 'NAS-Port-Type matches "Wireless - other OR Wireless - IEEE 802.11" AND Windows-Groups matches "Allow Wireless Connection"' - this ensures only devices that meet those two conditions are authenticated.
I also changed our wireless group policy so it is set for Computer Only authentication - there's a box in there somewhere to do this. It did take me a little while to get this working properly, but now it is we have very few wireless problems in this school, and our access points are pretty old Cisco 1200 series ones.
Incidentally, my wireless system doesn't even prompt for a username and password if unauthorised people try and connect to it now, it just sits there saying 'authenticating' then fails.
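
An added example, not part of the thread or of maniac's own setup: the policy described in the post above admits whatever accounts are in the 'Allow Wireless Connection' group, so this PowerShell audit lists members that are not computer accounts and computer accounts that are disabled or stale. It assumes the ActiveDirectory RSAT module is available; the 90-day threshold and the `Get-WirelessGroupFindings` function name are choices made for this example.

```powershell
# Added example: audit the AD group that gates wireless access.
# Assumptions: ActiveDirectory module is installed; group name is taken from
# the post; the 90-day staleness threshold is arbitrary.
Import-Module ActiveDirectory

function Get-WirelessGroupFindings {
    param(
        [string]$GroupName = 'Allow Wireless Connection',
        [int]$StaleDays = 90
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # -Recursive flattens nested groups so indirectly added accounts show up too
    $members = Get-ADGroupMember -Identity $GroupName -Recursive

    foreach ($m in $members) {
        if ($m.objectClass -ne 'computer') {
            # The Windows-Groups condition matches any account in the group,
            # so a user account here would be accepted from any device.
            [pscustomobject]@{ Name = $m.SamAccountName; Issue = 'Not a computer account' }
            continue
        }

        $c = Get-ADComputer -Identity $m.distinguishedName -Properties LastLogonDate
        if (-not $c.Enabled) {
            [pscustomobject]@{ Name = $c.Name; Issue = 'Computer account disabled' }
        }
        elseif (-not $c.LastLogonDate) {
            [pscustomobject]@{ Name = $c.Name; Issue = 'Never logged on' }
        }
        elseif ($c.LastLogonDate -lt $cutoff) {
            [pscustomobject]@{ Name = $c.Name; Issue = "No logon since $($c.LastLogonDate.ToString('yyyy-MM-dd'))" }
        }
    }
}

# Review the findings before removing anything from the group
Get-WirelessGroupFindings | Sort-Object Issue, Name | Format-Table -AutoSize
```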
30th March 2011, 02:44 PM #23
Does this throw staff laptops off or just severely delay their connection? We have RM laptops, connecting wirelessly (getting an IP address), but then failing to get mapped drives, because Location Chooser (an RM program) cannot access Active Directory objects.