No announcement yet.

Wireless authentication using RADIUS

  • Filter
  • Time
  • Show
Clear All
new posts

  • Wireless authentication using RADIUS

    I have a 2008 R2 server that is currently being used as a RADIUS server, for wireless authentication.

    We have two separate VLANs, SSIDs, one for guests, one for our internal use. All equipment is from Juniper (WM20, APs)
    For internal use, the user needs to be part of our AD and naturally their credentials need to be valid, this gets checked automatically and is configured through GPO.
    The guest authentication is configured as such, that a guest needs to enter a username, password every time they want to use our wireless.

    I'd like to change the way both work.

    For internal I'd prefer that we check based on a computer (so the computer is on our LAN before the user logs on will help a lot with GPO, startup scripts...), I'd also like to make it as secure as possible (using our available equipment) without requiring smart cards. An internal CA is available, and I was thinking along the lines of computer certificates.

    The problem is my knowledge is quite scarce, but am more than willing to read (resource, book) so I could configure it to my liking.
    I'd also appreciate any suggestions if this is the way to go, how to go about configuring it. Clients are XP SP3 and Win 7.

    The guest network needs to be changed so that a user/computer authenticates only once and that's it. Much like the way homes are configured, but I'd still like to have it authenticate through RADIUS. The reason for this is not only our visitors, but mobile phones/tablets (iPad/iPhone, Android, Symbian...) right now these are basically useless, since one needs to enter the credentials each and every time.

    Any assistance is greatly appreciated.