Wireless - Active Directory - Radius - Pre-Login - Scripts - Ahhh!
edugeek...I've looked over various threads over the last few weeks; what I'm looking for is a definitive answer to a question that has plagued me for some time....
Is there any wireless vendor that supplies an out-of-the-box simple solution, and if so, who?
And the question.... aka - the "holy grail of wireless"
What I'm looking for is a wireless system with a central controller that can pre-login to an Active Directory server and allow a non-cached user to login to a wireless laptop/client and provide remote scripting/account desktop setting etc.
Is this possible without a Radius implementation, by using a 'normal' AD server as if you were on a wired connection?
Currently I can only get a cached user to login to the local account, connect to the wireless, logout and then back in to provide their remote AD script/setting/network shares.
I'm not looking for any workarounds or hacks, just a simple solution or definitive "NO", a Radius server is the _only_ way forward. (And if anyone would care to suggest a free Radius server install (any OS - freeradius?) etc., that would be a bonus.)
Yes, you can have a wireless laptop configured with WPA-PSK credentials that will allow it to participate on a WiFi network to allow it to authenticate (allow non-cached user logons), BUT this is not an ultimately secure or scalable solution.
No, IF you want premium security, scalability and granularity.
FreeRadius is a *nix-based radius server; never used it. I know Geoff uses/used it and recommended it a while back with PacketFence.
IAS (internet authentication service) is part of the Windows 2003/2003r2 family and is free with the server license.
NPS (Network protection service) is part of the Windows 2008/2008r2 family and is free with a server license.
I think what you are looking for is LDAP integration. This allows the wireless controller or access points to add themselves to AD and read user credentials without the use of a RADIUS server. Most enterprise kit will do this. I know for certain that both Aerohive and Juniper Networks support this feature.
But if you already have an AD server, why not just enable IAS/NPS (Microsoft's 2003/2008 RADIUS server)? It's free.
Just re-read your post and it may be as simple as checking the box to allow "authenticate as computer when computer information is available" within the wireless properties. If computer authentication isn't enabled, the laptop won't bring up the wireless connection until after the ctrl-alt-del screen.
Last edited by paulfinlay; 7th November 2011 at 04:20 PM.