non AD dependant WLAN RADIUS machine authentication or similar solution
Posted on 2008-10-08
I need a non AD dependant WLAN RADIUS machine authentication or similar solution
" MS 2003 R2 Std PDCs
" MS ISA 2004 Std Running as an Edge Firewall with Proxy
" D-link DWL-8200AP access points
" MS Clients (domain and non-domain members)
I have a school solution where the students bring their own laptops and I need a WLAN validation model that will include the following
" Not dependant of AD since most students have XP Home or Vista Premium
" Security level equivalent of WPA-something or RADIUS
" Centralized Simple-Stupid management of access rights to the WLAN
" Log with the ability to track students MAC and IP address and preferably the ability to do rARP lookups on MAC address
To top that of, we also have our own laptops, which are all domain members and need to take into account the many changing users that they service. Therefore the solution should preferably be machine- and not user dependent.
We have our own Linux RADIUS solution that we use along with HP or Cisco Access Points, but the mentioned dwl-8200ap has some shortcomings that make it impossible to use our regular solution. They cannot forward the MAC address when running as RADIUS clients.
Any of you guys/galls have a tested solution for this setup?