+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Wireless Networks Thread, Ruckus and encryption keys in Technical; What is the best way to setup domain laptops to use our wireless is there an easy way to automatically ...
  1. #1
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74

    Ruckus and encryption keys

    What is the best way to setup domain laptops to use our wireless is there an easy way to automatically tell the laptops what SSID and key to use, group policy, RADIUS server etc, how are you all doing this?

    Thanks.

  2. #2
    mrmontymick's Avatar
    Join Date
    Mar 2009
    Location
    Peterborough, UK
    Posts
    64
    Thank Post
    7
    Thanked 16 Times in 10 Posts
    Rep Power
    13
    We use GPO settings to distribute this information.

    Have a look under: Computer Configuration -> Windows Settings -> Security Settings -> Wireless Network (IEEE 802.11) Policies and you might find what you're looking for. You can create a new wireless policy including the ability to use Single Sign On, works significantly better with Vista/Win 7 than XP though.

  3. Thanks to mrmontymick from:

    cookie_monster (10th May 2010)

  4. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,986
    Thank Post
    850
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    RADIUS + machine certificates + group policy seems to work alright it has better security than pre-shared key and you can't push those by GP anyway.

  5. Thanks to SYNACK from:

    cookie_monster (10th May 2010)

  6. #4
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Quote Originally Posted by SYNACK View Post
    RADIUS + machine certificates + group policy seems to work alright it has better security than pre-shared key and you can't push those by GP anyway.

    No rush but can you give me a bullet point list of what I need to do to get that in place, I can read the material myself so don't go in depth it's just handy to know where to start and in what order things need doing.

    Thanks.

  7. #5
    dirtydog's Avatar
    Join Date
    Sep 2008
    Posts
    301
    Thank Post
    47
    Thanked 29 Times in 16 Posts
    Rep Power
    23
    I wouldn't mind some info on this too! We just get everyone to activate at the mo which is OK until the key runs out which then causes mass hysteria.

  8. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,986
    Thank Post
    850
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Here are some guides: Wireless Networking in Windows 2003
    Deployment of Protected 802.11 Networks Using Microsoft Windows
    These involve certificates on the client and server providing the best level of security

    There is also a way to do it with a single self signed certificate but I beleive that this is probably less secure:
    http://www.edugeek.net/forums/networ...as-server.html
    Ultimate wireless security guide: Automatic PEAP deployment with Microsoft Active Directory GPO

  9. #7

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,088
    Thank Post
    402
    Thanked 618 Times in 565 Posts
    Rep Power
    180
    I wouldn't mind some info on this too! We just get everyone to activate at the mo which is OK until the key runs out which then causes mass hysteria.
    Don't set an expiry on the keys?

  10. #8
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Here all the wireless settings are configured manually on the laptop because (correct me if im wrong) to deploy the settings via gpo will require a network connection so you'd wire it in for the gpo to take. Its much easier and for the most part more reliable to configure it manually, which allows for some testing to make sure the config takes. 802.1x RADIUS config, I find, sometimes takes some fiddling to get it to work.

  11. #9
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Quote Originally Posted by apeo View Post
    Here all the wireless settings are configured manually on the laptop because (correct me if im wrong) to deploy the settings via gpo will require a network connection so you'd wire it in for the gpo to take. Its much easier and for the most part more reliable to configure it manually, which allows for some testing to make sure the config takes. 802.1x RADIUS config, I find, sometimes takes some fiddling to get it to work.

    Currently we have 45 notebooks (managed by IT) with the key set manually soon we might have 100, what happens when we want to change the WPA key which at some point we will no doubt currently this will be allot of work.

  12. #10
    dirtydog's Avatar
    Join Date
    Sep 2008
    Posts
    301
    Thank Post
    47
    Thanked 29 Times in 16 Posts
    Rep Power
    23
    Quote Originally Posted by Edu-IT View Post
    Don't set an expiry on the keys?
    good idea but we have students laptop keys too and its nice for them to renew each year so they expire when they leave. Unless we can set different expiry time period for different WLAN's on the ZoneDirector?

  13. #11
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Quote Originally Posted by cookie_monster View Post
    Currently we have 45 notebooks (managed by IT) with the key set manually soon we might have 100, what happens when we want to change the WPA key which at some point we will no doubt currently this will be allot of work.
    Well we use RADUIS here so we dont use Keys. That being said we do have the laptops imaged once a year and we configure the laptops then.

    Depending on your maintenance cycle you could manually configure it each time or i guess use gpo to deploy the changes.

  14. #12

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,088
    Thank Post
    402
    Thanked 618 Times in 565 Posts
    Rep Power
    180
    Quote Originally Posted by dirtydog View Post
    good idea but we have students laptop keys too and its nice for them to renew each year so they expire when they leave. Unless we can set different expiry time period for different WLAN's on the ZoneDirector?
    Yes, that's possible on Ruckus I believe. You can create different SSID's with different keys and different expiry lengths. Failing that use guest passes for them.

  15. #13

    Join Date
    Aug 2008
    Location
    Northwest
    Posts
    79
    Thank Post
    1
    Thanked 10 Times in 10 Posts
    Rep Power
    13
    Never pinned it down but we used to use IAS etc and found random laptops would sporadically fall off the domain and wed have to rejoin them it was quite a strange fault.
    We switched to using PSKs as a short term measure (a year ago ) and it works much better, at least in regards to falling off the domain.

  16. #14
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Quote Originally Posted by Kipling View Post
    Never pinned it down but we used to use IAS etc and found random laptops would sporadically fall off the domain and we’d have to rejoin them – it was quite a strange fault.
    We switched to using PSKs as a short term measure (a year ago ) and it works much better, at least in regards to falling off the domain.
    What exactly do you mean falling off the domain?

  17. #15
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Quote Originally Posted by apeo View Post
    Well we use RADUIS here so we dont use Keys. That being said we do have the laptops imaged once a year and we configure the laptops then.

    Depending on your maintenance cycle you could manually configure it each time or i guess use gpo to deploy the changes.

    Hey apeo, can you have one SSID that clients use RADIUS and another where users set their own key manually? I'd like one for our network clients and a public one that can't see our network with a static key.

    Thanks.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. VB Delete registry keys with sub keys
    By cookie_monster in forum Scripts
    Replies: 1
    Last Post: 6th November 2009, 08:57 AM
  2. Ruckus Managed Wireless Causing A Ruckus!
    By CPLTD in forum Our Advertisers
    Replies: 4
    Last Post: 21st August 2009, 09:25 AM
  3. Encryption
    By ScottStevinson in forum How do you do....it?
    Replies: 4
    Last Post: 14th July 2008, 09:27 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •