+ Post New Thread
Page 1 of 7 12345 ... LastLast
Results 1 to 15 of 99
Wireless Networks Thread, RADIUS and IAS in Technical; Has anyone implemented a RADIUS server and / or IAS to authenticate a wireless network? If so how easy is ...
  1. #1

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    RADIUS and IAS

    Has anyone implemented a RADIUS server and / or IAS to authenticate a wireless network?

    If so how easy is it to implement and run. Are there any security issues that need to be addressed beforehand to allow smooth running?

    Would a linux RADIUS be best or are the switch variety better?

    What about IAS on Server 2003?

    Just a few questions to assist me in whether to set one up instead of standard encryption.

    If anymore info available please feel free to post. The more the better.

  2. #2
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108

    Re: RADIUS and IAS

    Theres a discussion here on encryption and various radius implementations.

  3. #3

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: RADIUS and IAS

    W2k3 Server + IAS works but its a pig to do. There's an MS whitepaper you can follow to do it.

    http://www.microsoft.com/technet/pro...y/ed80211.mspx

    Linux is simpler (from my POV). FreeRadius is what does the business.

    http://www.freeradius.org/doc/EAPTLS.pdf

  4. #4

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    Re: RADIUS and IAS

    CrhisH - Thanks for the heads up and sorry to re-post for old info.

    Geoff - cheers for that info too. I have never really used Linux, but i will look into it as i have been wanting to get into Linux for a while.

  5. #5

    Join Date
    Jun 2005
    Location
    London, UK
    Posts
    115
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    20

    Re: RADIUS and IAS

    We use Server 2003 with IAS to authenticate all of our wireless clients. After some unsuccessful experiments with certificates, we decided to use PEAP for authentication. The advantage (to us) is that machines with Active Directory computer accounts authenticate themselves.

    Laptops which are not domain members are prompted for a domain username and password to connect to the wireless network.

  6. #6

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,191
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56

    Re: RADIUS and IAS

    Sounds good slartibartfast. How difficult was IAS to set up initially? I am not in control of the DCs so it would be left to someone else to do.

    I would like the option of knowing how to do both IAS and RADIUS authentication and have some information on problems some people have had with each so i can then go down the path with least resistance, hence the questions.

  7. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,717
    Thank Post
    667
    Thanked 1,637 Times in 1,463 Posts
    Rep Power
    424

    Re: RADIUS and IAS

    Slarti: Hey mate not far from me in little ole watton. Scalable and secure wireless is what I've been looking at for a while would love to see your setup and if you give some pointers on IAS setup that would be cool I've seen all the M$ stuff on using PKI's etc... but it's way too complicated.

    The other alternative is Elektron from Corriente which is a simple install to give you a radius server for authenitcating wireless clients with a certificate so they can authenticate the server.

    Trouble is atm Elektron only gives user authentication and not machine so domain users cuoldn't log using the wireless as the secure connection is only bought up after they have logged in.

    Ben

  8. #8
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34

    Re: RADIUS and IAS

    Quote Originally Posted by Slartibartfast
    We use Server 2003 with IAS to authenticate all of our wireless clients. After some unsuccessful experiments with certificates, we decided to use PEAP for authentication. The advantage (to us) is that machines with Active Directory computer accounts authenticate themselves.

    Laptops which are not domain members are prompted for a domain username and password to connect to the wireless network.
    I'd settled on PEAP as the most likely candidate for when we do wireless "properly" (currently we only have one AP used in anger).

    Your last statement about being able to connect to the wireless network with any old laptop logging in via a user account has me a bit worried though. Is that because users can add upto 10 computers to the domain by default or is it something different? Is there an easy way to stop that behaviour so that we don't get plagued by rogue laptops riddled with viruses and hacking tools?

  9. #9

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,717
    Thank Post
    667
    Thanked 1,637 Times in 1,463 Posts
    Rep Power
    424

    Re: RADIUS and IAS

    I think he means that a domain computer can connect to the network using it's computer credentials but a laptop thats not part of the domain would be asked for a username and password to be entered before it's allowed access this would be the persons username, domain and their domain password if they are all correct then access is allowed.

    Ben

  10. #10
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34

    Re: RADIUS and IAS

    Quote Originally Posted by plexer
    I think he means that a domain computer can connect to the network using it's computer credentials but a laptop thats not part of the domain would be asked for a username and password to be entered before it's allowed access this would be the persons username, domain and their domain password if they are all correct then access is allowed.

    Ben
    Yeah, that's how I understood it. Unfortunately that would allow any pupil with their own non-domain-member laptop to connect to the wireless network from anywhere on the site, which currently isn't acceptable for us. At least with wired connections we can tell which wall socket they're plugged into and go and ask them to pack it in. With large-scale wireless they could even be in the car park or a nearby house.

  11. #11

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,717
    Thank Post
    667
    Thanked 1,637 Times in 1,463 Posts
    Rep Power
    424

    Re: RADIUS and IAS

    Yes they could but then you make it so that they can't log in and it's only domain computers or allowed mac adresses or some other scheme to prevent it thats just how he has it configured.

    Ben

  12. #12
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,383
    Thank Post
    54
    Thanked 315 Times in 245 Posts
    Blog Entries
    6
    Rep Power
    120

    Re: RADIUS and IAS

    If its IAS RADIUS autenticated, surely you could restrict authentication to certain users or groups? If you're not on the list, you can't get in

  13. #13

    Join Date
    Jun 2005
    Posts
    223
    Thank Post
    6
    Thanked 8 Times in 8 Posts
    Rep Power
    30

    Re: RADIUS and IAS

    I have set up IAS for wireless. It works quite well, the only tedious bit was getting certificates onto the clients for authentication. You can use IAS policies to restrict the logons to certain user groups.
    Recently i've been looking at Linux for this. Playing with replacing firmware on the AP to do extra fun stuff.

  14. #14

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,600
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181

    Re: RADIUS and IAS

    Perhaps people would be willing to write a HOWTO guide for how they set their implementation of IAS/FreeRADIUS/woteva up?

    I have set up a wiki page for this purpose at http://www.russdev.com/edugeek/doku.php?id=wifisetup - happy wiki-ing!

  15. #15

    Join Date
    Jun 2005
    Location
    London, UK
    Posts
    115
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    20

    Re: RADIUS and IAS

    Unfortunately that would allow any pupil with their own non-domain-member laptop to connect to the wireless network from anywhere on the site, which currently isn't acceptable for us.
    There's an IAS remote access policy in place to prevent this.

    If its IAS RADIUS autenticated, surely you could restrict authentication to certain users or groups? If you're not on the list, you can't get in
    Exactly. User accounts need to be a member of a specific group to authenticate.

SHARE:
+ Post New Thread
Page 1 of 7 12345 ... LastLast

Similar Threads

  1. radius with guests
    By strawberry in forum How do you do....it?
    Replies: 9
    Last Post: 16th July 2008, 04:10 PM
  2. How does Radius work?
    By ranj in forum Wireless Networks
    Replies: 3
    Last Post: 4th January 2008, 12:42 PM
  3. Radius Testing Software
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 25th September 2007, 04:00 PM
  4. HP NX6325 Radius PEAP
    By plexer in forum Wireless Networks
    Replies: 0
    Last Post: 1st December 2006, 10:15 AM
  5. ISA Server 2004 and RADIUS
    By spc-rocket in forum Wireless Networks
    Replies: 0
    Last Post: 11th December 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •