Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to prompt users to enter a user name and password when they want connect WLAN ?

Posted on 2009-04-06
17
Medium Priority
?
417 Views
Last Modified: 2013-11-09
Hello Experts:

I have a LinkSys wireless router connected to ADSL modem and single computer.
each device (notebook or mobile) wants to connect to my wireless router to share Internet will be asked for "WPA Shared  Key", after entring this key it will stored in the device and  always will be able to connect.

What I need is to prompt each and every device wants to connect to my WLAN to enter a user name and password insted of "WPA Shared Key" at first time it wants to connect.
if I decided to prevent someone to connect my network I will make his user name and password unusable.
Is that possible ?

Thanks in advance.
0
Comment
Question by:SaedSalman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 2
  • +1
17 Comments
 
LVL 6

Expert Comment

by:twocandles
ID: 24080630
I have a Linksys router, and i've read all the docs about, but I found nothing related to what you want. I'm not sure if it's even possible: if the client decides to store a password, there's no way to distinguish if the password sent was stored or actually typed in by the user (from the router's perspective).

A possilbe solution would be to use the MAC filter. The linksys allows you to filter a device based on it's MAX address. If you want to restrict access to a certain device, just delete it from the "allowed" mac address list. I'm using that at home to prevent neighbors from connecting to my adsl router :).

In my Linksys router, the MAC filter is located at:

Wireless -> Wireless MAC Filter
0
 
LVL 14

Accepted Solution

by:
Roachy1979 earned 1800 total points
ID: 24081930
Depending on the type of Linksys access point you are using you would need to set up a radius server (such as Windows IAS or FreeRadius) to handle the authentication.....clients wuld then be authinicating in WPA-Enterprise rather than WPA-PSK mode....

You can read a bit about how to implement this using FreeRadius here: http://wiki.freeradius.org/WPA_HOWTO

0
 

Expert Comment

by:canudo
ID: 24092160
What is the model of your router ?
You should use 802.1X , does your router support it ?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 6

Author Comment

by:SaedSalman
ID: 24092415
Wireless-G Broadband Router (WRT54G2)

check this out:
http://www.linksysbycisco.com/US/en/products/WRT54G2

 Experts : Make it easier to me ..!
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24094851
The only way with the router you mention above is to use MAC address filtering.....this is by no means secure (it's possible to spoof a MAC address when connecting to your network), but employed in conjunction with WPA2-PSK it will give you the ability to ban MAC addresses...so as long as your users do not know how to circumvent this it will do what you need.

Preferred and recommended solutions though would be to employ radius!
0
 

Assisted Solution

by:canudo
canudo earned 200 total points
ID: 24094953
Hello,

You should configure wpa enterprise or wpa 2 enterprise, see page 12 of users manual in wilreless security chapter.
You will need a radius server, if you have a windows server, you can install it, see
http://support.mof.go.th/radius_windows.html

0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24102034
Hello,
Thank you all,

I am running windows XP  Pro SP3. Is it possible to run radius ? if so, How ? I have a computer, XP OS, Router and ADSL, Do I need something else ? Please walk with me step by step, I am beginner on this subject.
radius requisites User name and Password, Right ?
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 1800 total points
ID: 24104900
Ok....Sorry as this is a bit of a u-turn, but I was experimenting with my pfSense last night and discovered it has a useful feature called Captive Portal, which allows you to specify access controls based on usernames and paswords without having to install a RADIUS server.

pfSense is a full featured free BSD based firewall solution that can run on an old PC with a couple of network cards....(you would want 3 in this case).

To set it up, download and burn the current ISO from www.pfsense.org.  This box would need to sit at the perimeter of your network, but can be used to restrict inbound and outbound traffic, proxy and perform some pretty advanced firewall functions.....

Have a look at the screencast for Captive Portal here http://doc.pfsense.org/smiller/Captive_Portal.htm


0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24119769
> To set it up, download and burn the current ISO

I cannot find the ISO image, may you direct me ?
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24122024
Sure - where abouts are you.  It's available from the mirrors.....so just pick the closest to you...

http://www.pfsense.org/mirror.php?section=downloads

Remember that pfSense is an appliance - so you need to install it on fresh hardware.....any data on the PC you use will be lost....
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24122559
Download the this  pfSense-1.2.2-LiveCD-Installer.iso   one only, right ?

> any data on the PC you use will be lost....
Which data ? Do you mean I should remove current linkSys programe ?
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 1800 total points
ID: 24122975
Yep...that's the iso.

The pfsense software needs to sit on a dedicated box,.  It's a firewall appliance so would sit at the gateway to your network, inline with the linksys at present.  You would need 3 network interfaces on the box, WAN, LAN and the Wireless interface.....each would have it's own firewall ruleset so you can also restrict access to your internal network as desired.

All other PC's on your LAN would remain the same - they don't require any additional software to make this work....but to emphasise - pfsense is a Unix based operating system in itself and sits on it's own PC.  The good news is that the minimum specs for the box required are:

"Minimum Hardware Requirements

The following outlines the minimum hardware requirements for pfSense 1.2. Note the minimum requirements are not suitable for all environments, see the Hardware Sizing Guidance page for information.

CPU - 100 MHz Pentium
RAM - 128 MB

Requirements specific to individual platforms follow.  

Live CD
CD-ROM drive
USB flash drive or floppy drive to hold configuration file

Hard drive installation
CD-ROM for initial installation
1 GB hard drive

Embedded
128 MB Compact Flash card
Serial port for console"

 "pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices. "

I strongly recommend you read the contents of the wiki here: http://doc.pfsense.org/index.php/Main_Page before you proceed....
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24180268
I found RADIUS option already installed, Does this solve the problem ?

Please, See the attached picture.
Capture.JPG
Capture1.JPG
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24210423
Hello,
if I set the security mode to RADIUS will I solve my problem ? any body have any idea ?
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 1800 total points
ID: 24212757
In order for Radius to work you need a server that is capable of handling authentication using radius on your LAN - as mentioned previously this could be an IAS server (MS) or a FreeRadius server (*nix)
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24214518
Yes, When I set security mode to RADIUS it requested Server Address.
So I will install pfsense first and then set the security mode to Radius.

maybe these days
thank you very much
0
 
LVL 6

Author Closing Comment

by:SaedSalman
ID: 31567176
Thank you very much. I did not test it but it seems that will work fine.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Check out what's been happening in the Experts Exchange community.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question