Solved

How to prompt users to enter a user name and password when they want connect WLAN ?

Posted on 2009-04-06
17
408 Views
Last Modified: 2013-11-09
Hello Experts:

I have a LinkSys wireless router connected to ADSL modem and single computer.
each device (notebook or mobile) wants to connect to my wireless router to share Internet will be asked for "WPA Shared  Key", after entring this key it will stored in the device and  always will be able to connect.

What I need is to prompt each and every device wants to connect to my WLAN to enter a user name and password insted of "WPA Shared Key" at first time it wants to connect.
if I decided to prevent someone to connect my network I will make his user name and password unusable.
Is that possible ?

Thanks in advance.
0
Comment
Question by:SaedSalman
  • 8
  • 6
  • 2
  • +1
17 Comments
 
LVL 6

Expert Comment

by:twocandles
ID: 24080630
I have a Linksys router, and i've read all the docs about, but I found nothing related to what you want. I'm not sure if it's even possible: if the client decides to store a password, there's no way to distinguish if the password sent was stored or actually typed in by the user (from the router's perspective).

A possilbe solution would be to use the MAC filter. The linksys allows you to filter a device based on it's MAX address. If you want to restrict access to a certain device, just delete it from the "allowed" mac address list. I'm using that at home to prevent neighbors from connecting to my adsl router :).

In my Linksys router, the MAC filter is located at:

Wireless -> Wireless MAC Filter
0
 
LVL 14

Accepted Solution

by:
Roachy1979 earned 450 total points
ID: 24081930
Depending on the type of Linksys access point you are using you would need to set up a radius server (such as Windows IAS or FreeRadius) to handle the authentication.....clients wuld then be authinicating in WPA-Enterprise rather than WPA-PSK mode....

You can read a bit about how to implement this using FreeRadius here: http://wiki.freeradius.org/WPA_HOWTO

0
 

Expert Comment

by:canudo
ID: 24092160
What is the model of your router ?
You should use 802.1X , does your router support it ?
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24092415
Wireless-G Broadband Router (WRT54G2)

check this out:
http://www.linksysbycisco.com/US/en/products/WRT54G2

 Experts : Make it easier to me ..!
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24094851
The only way with the router you mention above is to use MAC address filtering.....this is by no means secure (it's possible to spoof a MAC address when connecting to your network), but employed in conjunction with WPA2-PSK it will give you the ability to ban MAC addresses...so as long as your users do not know how to circumvent this it will do what you need.

Preferred and recommended solutions though would be to employ radius!
0
 

Assisted Solution

by:canudo
canudo earned 50 total points
ID: 24094953
Hello,

You should configure wpa enterprise or wpa 2 enterprise, see page 12 of users manual in wilreless security chapter.
You will need a radius server, if you have a windows server, you can install it, see
http://support.mof.go.th/radius_windows.html

0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24102034
Hello,
Thank you all,

I am running windows XP  Pro SP3. Is it possible to run radius ? if so, How ? I have a computer, XP OS, Router and ADSL, Do I need something else ? Please walk with me step by step, I am beginner on this subject.
radius requisites User name and Password, Right ?
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 450 total points
ID: 24104900
Ok....Sorry as this is a bit of a u-turn, but I was experimenting with my pfSense last night and discovered it has a useful feature called Captive Portal, which allows you to specify access controls based on usernames and paswords without having to install a RADIUS server.

pfSense is a full featured free BSD based firewall solution that can run on an old PC with a couple of network cards....(you would want 3 in this case).

To set it up, download and burn the current ISO from www.pfsense.org.  This box would need to sit at the perimeter of your network, but can be used to restrict inbound and outbound traffic, proxy and perform some pretty advanced firewall functions.....

Have a look at the screencast for Captive Portal here http://doc.pfsense.org/smiller/Captive_Portal.htm


0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 6

Author Comment

by:SaedSalman
ID: 24119769
> To set it up, download and burn the current ISO

I cannot find the ISO image, may you direct me ?
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24122024
Sure - where abouts are you.  It's available from the mirrors.....so just pick the closest to you...

http://www.pfsense.org/mirror.php?section=downloads

Remember that pfSense is an appliance - so you need to install it on fresh hardware.....any data on the PC you use will be lost....
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24122559
Download the this  pfSense-1.2.2-LiveCD-Installer.iso   one only, right ?

> any data on the PC you use will be lost....
Which data ? Do you mean I should remove current linkSys programe ?
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 450 total points
ID: 24122975
Yep...that's the iso.

The pfsense software needs to sit on a dedicated box,.  It's a firewall appliance so would sit at the gateway to your network, inline with the linksys at present.  You would need 3 network interfaces on the box, WAN, LAN and the Wireless interface.....each would have it's own firewall ruleset so you can also restrict access to your internal network as desired.

All other PC's on your LAN would remain the same - they don't require any additional software to make this work....but to emphasise - pfsense is a Unix based operating system in itself and sits on it's own PC.  The good news is that the minimum specs for the box required are:

"Minimum Hardware Requirements

The following outlines the minimum hardware requirements for pfSense 1.2. Note the minimum requirements are not suitable for all environments, see the Hardware Sizing Guidance page for information.

CPU - 100 MHz Pentium
RAM - 128 MB

Requirements specific to individual platforms follow.  

Live CD
CD-ROM drive
USB flash drive or floppy drive to hold configuration file

Hard drive installation
CD-ROM for initial installation
1 GB hard drive

Embedded
128 MB Compact Flash card
Serial port for console"

 "pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices. "

I strongly recommend you read the contents of the wiki here: http://doc.pfsense.org/index.php/Main_Page before you proceed....
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24180268
I found RADIUS option already installed, Does this solve the problem ?

Please, See the attached picture.
Capture.JPG
Capture1.JPG
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24210423
Hello,
if I set the security mode to RADIUS will I solve my problem ? any body have any idea ?
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 450 total points
ID: 24212757
In order for Radius to work you need a server that is capable of handling authentication using radius on your LAN - as mentioned previously this could be an IAS server (MS) or a FreeRadius server (*nix)
0
 
LVL 6

Author Comment

by:SaedSalman
ID: 24214518
Yes, When I set security mode to RADIUS it requested Server Address.
So I will install pfsense first and then set the security mode to Radius.

maybe these days
thank you very much
0
 
LVL 6

Author Closing Comment

by:SaedSalman
ID: 31567176
Thank you very much. I did not test it but it seems that will work fine.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now