Wireless Security: Authentication via Active Directory Credentials

Add the ability to connect to the wifi network / hotspot using your AD credentials.
The “company” wifi network can then be accessed using your credentials and when an account is removed or disabled you also cannot connect to the wifi anymore. With that feature you don’t have to change the wifi code whenever a person leaves the company. Maybe also add AD group membership so you can easily grant a select group of people access to your wifi network.

230 votes
ehofstede shared this idea

    13 comments

      • Terry Johnson commented

        Here's a quick how-to: http://www.bunkerhollow.com/blogs/matt/archive/2008/06/04/configuring-server-2008-for-radius-authentication.aspx

        Using WPA2 Enterprise authentication and Radius requires less end-user effort than AD authentication to a captive portal, so about 10 minutes of one-time sysadmin setup will save your end users hours of their time and make the network more secure.

        I think that providing improved documentation regarding setting up Radius for WPA2 Enterprise with various backends (AD, eDirectory, etc) would be a better use of Sophos resources than creating a "workaround" for Radius.

      • maygyver commented

        For easy use, this is very useful, because we do not need to change anything in the Windows-World.

        But this should work like Enterprise WPA2, with WLAN encryption. The easiest way would be a radius server on the Astaro. The radius is able to use the backend auth.

      • Anonymous commented

        Agree 100% on the LDAP logic, because then it should apply to AD, eDir plus other LDAP compliant systems offered by Sun, Oracle, Apple etc.

      • Marten commented

        ..and other directories like LDAP and eDir! This would be a nice feature.

      • Bob Alfson commented

        Like Elmar says, this already is possible with Microsoft servers. Also, if I understand the suggestion correctly, since Astaro allows multiple SSIDs with different access requirements, the easiest way to solve this would seem to be a separate, hidden SSID with WPA2 Enterprise for AD users.

      • Elmar Haag commented

        WPA2 Enterprise authentication can be used for this. It even extends the security by not only using AD-username and AD-password but also certificates from the Windows domain to ensure the user is authenticated.
        You just need a Microsoft IAS or NPS server which acts as a RADIUS-to-AD gateway for the wifi enterprise authentication.

      • Anonymous commented

        And any other LDAP directory. I've got eDirectory users that I am doing this for using web security rules but it would be nice to have another option other than Radius.
