Wireless Security: Authentication via Active Directory Credentials
Add the ability to connect to the wifi network / hotspot using your AD credentials.
The “company” wifi network can then be accessed using your credentials and when an account is removed or disabled you also cannot connect to the wifi anymore. With that feature you don’t have to change the wifi code whenever a person leaves the company. Maybe also add AD group membership so you can easily grant a select group of people access to your wifi network.
This feature will be released as part of UTM 9.2.
So an update after 9.2 will activate this feature? Currently I can't find this in the 9.2 soft-release.
Terry Johnson commented
Using WPA2 Enterprise authentication and Radius requires less end-user effort than AD authentication to a captive portal, so about 10 minutes of one-time sysadmin setup will save your end users hours of their time and make the network more secure.
I think that providing improved documentation regarding setting up Radius for WPA2 Enterprise with various backends (AD, eDirectory, etc) would be a better use of Sophos resources than creating a "workaround" for Radius.
I can't understand this feature... just install a Radius Server on your Windows Server machine and you can authenticate via Active Directory...
For easy use, this is very useful, because we do not need to change anything in the Windows-World.
But this should work like Enterprise WPA2, with WLAN encryption. The easiest way would be a radius server on the Astaro. The radius is able to use the backend auth.
Agree 100% on the LDAP logic, because then it should apply to AD, eDir plus other LDAP compliant systems offered by Sun, Oracle, Apple etc.
LDAP and eDir for Wireless Auth would be fantastic!
Mario Warth commented
Like Maten already mentioned, LDAP and eDir would be great!
This is working... just install a RADIUS Server on your Windows Domain Controller...
..and other directories like LDAP and eDir! This would be a nice feature.
If I am not mistaken, this is all possible when using Astaro AP.
Bob Alfson commented
Like Elmar says, this already is possible with Microsoft servers. Also, if I understand the suggestion correctly, since Astaro allows multiple SSIDs with different access requirements, the easiest way to solve this would seem to be a separate, hidden SSID with WPA2 Enterprise for AD users.
Elmar Haag commented
WPA2 Enterprise authentication can be used for this. It even extends the security by not only using AD-username and AD-password but also certificates from the Windows domain to ensure the user is authenticated.
You just need a Microsoft IAS or NPS server which acts as a RADIUS-to-AD gateway for the wifi enterprise authentication.
And any other LDAP directory. I've got eDirectory users that I am doing this for using web security rules, but it would be nice to have another option other than Radius.