+ Post New Thread
Results 1 to 5 of 5
Wireless Networks Thread, Radius misconfiguration in Technical; I'm setting up Radius for a wireless Trial and It appears to be working OK but its not authenticating correctly. ...
  1. #1
    Gaz
    Gaz is offline

    Join Date
    Feb 2011
    Location
    Preston
    Posts
    861
    Thank Post
    152
    Thanked 75 Times in 64 Posts
    Rep Power
    21

    Radius misconfiguration

    I'm setting up Radius for a wireless Trial and It appears to be working OK but its not authenticating correctly. The client can connect and in the WAP I can see that they are connected via 802.1x with the username they used but they can also browse areas of the network that they really shouldn't be able to. I am using a laptop to test this out and the laptop isn't on the domain and it is appearing as though it were a BYOD device.

    I added the AP into radius as a client and followed the wizard for creating an 802.1x server and that is about as much as I have done.

    Any help would be appreciated.

  2. #2

    Join Date
    Feb 2010
    Posts
    221
    Thank Post
    68
    Thanked 42 Times in 29 Posts
    Rep Power
    17
    Radius literally just handles the authentication which by the sounds of it is working just fine, if you want to lock down what the client can access once its on you'll want to look at Nap, VLANs, etc. Your wireless system (depending what it is) may provide functionality for this.

  3. Thanks to JRowley from:

    Gaz (24th June 2014)

  4. #3
    Gaz
    Gaz is offline

    Join Date
    Feb 2011
    Location
    Preston
    Posts
    861
    Thank Post
    152
    Thanked 75 Times in 64 Posts
    Rep Power
    21
    Perhaps its the NAP that I need to configure then. I didn't realise that it would give anyone that auths over 802.1x full access, I thought that NTFS permissions would still apply. The Radius will be used for students/staff and a guest portal will be used for guest access, which is sorted.

  5. #4

    Join Date
    Feb 2010
    Posts
    221
    Thank Post
    68
    Thanked 42 Times in 29 Posts
    Rep Power
    17
    Once they have authenticated through Radius they are just allowed onto the network, they aren't added to a security group, its as if someone has plugged into your wired network. NAP is basically a health check system which gates authenticated users if they don't meet certain conditions, such as up to date antivirus. Provided your network shares don't allow the 'Everyone' security group then users will have to authenticate with a relevant username to gain access.

    Hope this helps, I would suggest looking at your permissions on your shares, and also your wireless controller to see if you can restrict access with that, typically you can specify which IP's/subnets clients can access, failing that VLANs are extremely useful in this context though I have no experience in that area.

    Which wireless provider are you using?

  6. Thanks to JRowley from:

    Gaz (25th June 2014)

  7. #5
    Gaz
    Gaz is offline

    Join Date
    Feb 2011
    Location
    Preston
    Posts
    861
    Thank Post
    152
    Thanked 75 Times in 64 Posts
    Rep Power
    21
    I'm using a Meraki MR18 access point. I think I've sorted it out, I need a holiday or something! On the laptop I was using it had admin credentials but it wasn't on the domain, naturally that shouldn't matter so it let the user browse the network regardless of who authed over radius. Yes I'm a complete muppet and I should be banned from computers.

SHARE:
+ Post New Thread

Similar Threads

  1. RADIUS and IAS
    By HodgeHi in forum Wireless Networks
    Replies: 98
    Last Post: 30th April 2009, 10:39 AM
  2. radius with guests
    By strawberry in forum How do you do....it?
    Replies: 9
    Last Post: 16th July 2008, 04:10 PM
  3. Radius Testing Software
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 25th September 2007, 04:00 PM
  4. HP NX6325 Radius PEAP
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 1st December 2006, 10:15 AM
  5. ISA Server 2004 and RADIUS
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •