Wireless Networks Thread, Ruckus, Smoothwall & Radius in Technical; Fingers crossed....
2nd July 2014, 01:34 PM #16
- Rep Power
7th July 2014, 12:02 PM #17
- Rep Power
Between removing the proxy.pac for the wifi network and upgrading my ZD1000 to a ZD1100 ive got this working.
Only thing that i'm struggling with is windows laptops wont connect without manually importing the WPA enterprise CA Certificate from the smoothwall. This is a BYOD headache, the easiest option would be to purchase a legitimate CA trusted certificate im struggling to find were to do this??
7th July 2014, 05:33 PM #18
@stgoodyeara ive tried this and failed with the smoothwall and ruckus to get authentication obto the ssid.
If it set ruckus to look at the smoothwall as a radius server (cant remember exacy what the options weee but tried all sorts before today) and try to put say year2008 into the post16 group so they can only access the post16 ssid or only allow the staff group from ad to access the staff ssid and test the authentication, the test fails had reports that the members are in the default group.
Ive been onto smoothwall about this and they say that an update is been tested for this problem.
7th July 2014, 07:12 PM #19
- Rep Power
@timbo343 I've achieved the authentication I'm looking for, sounds like your system is mentally complicated. I just have a single ssid that any student can authenticate with, they are then filtered according to the ad credentials supplied to the radius server.
My remaining issue is that windows 7 laptops are very strict when it comes to 802.1x authentication. Windows 7 won't even entertain a connection to a radius server that isn't providing a valid ssl certificate, you can work around this on domain controlled PCs by using GP to add the smoothwall 802.1x certificate into the trusted authority on the computer. Even then it still moans abit when you connect for the 1st time. The issue is on a BYOD model I don't want to be messing around pushing certs onto student devices that we don't manage. Smoothwall have provided a guide on doing this, it's page 305 of this guide but as you can image a standard user isn't gonna achieve this
So my remain query if anyone can answer it is: can I replace the 802.1x cert in the WPA enterprise section of the smoothwall for a purchased trusted CA cert to appease Bill Gates and his cronies
7th July 2014, 07:58 PM #20
Ahhh i see, at the moment im only wanting post16 to access the wireless so dont want the rest of the students to gain access.
As to your question, i guess so yeah but maybe @CJF or @tom_newton might be able to help)
7th July 2014, 08:42 PM #21
- Rep Power
That seems achievable to me. I'd just put a web filtering rule to block all students except post 16 when they are connecting on the ip range that assigned to the ssid.
8th July 2014, 02:10 PM #22
I have the same problem, and its a proper pain in the backside so I would like to know the solution too. Adding it manually works but is hardly convenient!
Originally Posted by stgoodyeara
9th July 2014, 03:50 PM #23
- Rep Power
My LA support our smoothwall for us. They have reported that smoothwall themselves can put a real-world certificate onto the radius for us. They have created me a server certificate request and email it to me with the instruction to use it to purchase a real-world cert and send it back to them and they will import it for me.
ill report back if it works.
10th July 2014, 11:28 AM #24
That would be great - had a student with a Windows laptop yesterday and while it didn't take long to install, it seems a long winded way of doing it!
10th September 2014, 04:28 PM #25
Does this give you visibility of what wifi-connected device is owned by which AD user, and who was viewing a particular site on a particular device at a given time? (Assuming they hadn't given their friends their personal iPhone etc)
Our student wifi is off because I broke it - about ready to turn back on on Monday, but we don't want 800 kids coming with non-Apple devices to register onto the network on Monday morning. Our current method (which Tim is familiar with) is supposed to be DIY, but only Apple and latest Androids work - old Androids, Windows, Blackberries, don't work)
If I can get student's online without having to manually do things for them, whilst still tracking who is doing what on which device, when and where, then I'd love to implement this.
10th September 2014, 10:24 PM #26
11th September 2014, 06:17 AM #27
Originally Posted by timbo343
Sounds useful, but not yet knowing ('till I ring you later) what Smoothwall already provides, not sure yet.
By sparkeh in forum Wireless Networks
Last Post: 5th December 2013, 09:36 AM
By truebluesteve in forum Wireless Networks
Last Post: 18th April 2013, 06:09 PM
By Sheridan in forum Wireless Networks
Last Post: 12th April 2013, 09:27 AM
By gshaw in forum Wireless Networks
Last Post: 18th September 2012, 09:56 AM
By MYK-IT in forum Wireless Networks
Last Post: 24th May 2012, 04:38 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)