Wireless Security: Authentication via Active Directory Credentials
Add the ability to connect to the wifi network / hotspot using your AD credentials.
The “company” wifi network can then be accessed using your credentials and when an account is removed or disabled you also cannot connect to the wifi anymore. With that feature you don’t have to change the wifi code whenever a person leaves the company. Maybe also add AD group membership so you can easily grant a select group of people access to your wifi network.
ehofstede
shared this idea
12 comments
-
Terry Johnson
commented
Here's a quick how-to: http://www.bunkerhollow.com/blogs/matt/archive/2008/06/04/configuring-server-2008-for-radius-authentication.aspx
Using WPA2 Enterprise authentication and Radius requires less end-user effort than AD authentication to a capitve portal, so about 10 minutes of one-time sysadmin setup will save your end users hours of their time and make the network more secure.
I think that providing improved documentation regarding setting up Radius for WPA2 Enterprise with various backends (AD, eDirectory, etc) would be a better use of Sophos resources than creating a "workaround" for Radius.
-
Michel from NetworkGuy.de
commented
I can't understand this feature... just install a Radius Server on your Windows Server machine and you can authenticate via Active Directory...
-
maygyver
commented
For easy use, this is very useful, because we do no need to change anything in the Windows-World.
But this should work like Entprise WPA2, with WLAN encryption. The easiest way would be a radius server on the Astaro. The radius is able to use the backend auth.
-
Anonymous
commented
Agree 100% on the LDAP logic, because then it should apply to AD, eDir plus other LDAP compliant systems offered by Sun, Oracle, Apple etc.
-
Anonymous
commented
LDAP and eDir for Wireless Auth would be fantastic!
-
Mario Warth
commented
Like Maten already mentioned, LDAP and eDir would be great!
-
Michel from NetworkGuy.de
commented
This is working... just install a RADIUS Server on your Windows Domaincontroller...
-
Marten
commented
..and other directories like LDAP and eDir! This would be a nice feature.
-
Hashim
commented
If I am not mistaken, this is all possible when using Astaro AP.
-
Bob Alfson
commented
Like Elmar says, this already is possible with Microsoft servers. Also, if I understand the suggestion correctly, since Astaro allows multiple SSIDs with different access requirements, the easiest way to solve this would seem to be a separate, hidden SSID with WPA2 Enterprise for AD users.
-
Elmar Haag
commented
WPA2 Enterprise authentication can be used for this. It even extends the security by not only using AD-username and AD-password but also certfiicates from the windows domain to ensure the user is authenticated.
You just need a Microsoft IAS or NPS server which acts as a RADIUS-to-AD gateway for the wifi enterprise authentication. -
Anonymous
commented
And any other LDAP directory. I've got eDirectory users that I am doing this for using web security rules but it would be nice to have another option other then Radius
