03-30-2006 01:41 PM - edited 07-04-2021 11:52 AM
Our current network is using WPA with having the users get authenticated via the windows domain. Anyone with a domain login can use the same credentials to log in to the wireless network.
Is there a way to keep some users from authenticating to the wireless network?
I was not sure if the windows domain had an option to set who can and cannot access the wireless.
What I am trying to prevent is a user installing a wireless card into their laptop,getting the SSID from another user and the accessing the wireless network with permission.
04-01-2006 07:06 AM
If your company standardizes on a given wireless NIC, you might be able to institute a MAC filter.
If you're using WPA with server-based authentication, you can usually install a policy (i.e., with Microsoft IAS, RRAS, and the user account, you can disable wireless logins by checking / unchecking the "Dial-in" attribute).
Are you using ACS, Microsoft, or freeRADIUS (or other RADIUS server)?
WPA is more of an encrytion thing, which authentication scheme are you using (WPA-PSK, LEAP, PEAP, EAP-TLS, EAP-TTLS, MD5 ...)?
IF you're using Microsoft-based authentication platforms, Microsoft has some pretty good white papers / step-by-step info on setting up their systems.
Good Luck
Scott
04-02-2006 05:25 PM
We are using ACS for the radius but passing all authentication on to the Mircrosoft Server for authentication.
Seth
04-02-2006 09:58 PM
There are a couple options.
You can tell ACS to honor the "Dial-In User" attribute in the MS AD User profile ... anyone who is not "Dial In enabled" will not be authenticated.
I believe you could also define one or more groups in ACS. Membership in a particular group could be used to accept or deny entry via wireless.
There are probably other means, but these are lijely to be the easiest to implement.
Good Luck
Scott
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: