How to prompt users to enter a user name and password when they want connect WLAN ?

Hello Experts:

I have a LinkSys wireless router connected to ADSL modem and single computer.
each device (notebook or mobile) wants to connect to my wireless router to share Internet will be asked for "WPA Shared  Key", after entring this key it will stored in the device and  always will be able to connect.

What I need is to prompt each and every device wants to connect to my WLAN to enter a user name and password insted of "WPA Shared Key" at first time it wants to connect.
if I decided to prevent someone to connect my network I will make his user name and password unusable.
Is that possible ?

Thanks in advance.
LVL 6
SaedSalmanAsked:
Who is Participating?
 
Roachy1979Connect With a Mentor Commented:
Depending on the type of Linksys access point you are using you would need to set up a radius server (such as Windows IAS or FreeRadius) to handle the authentication.....clients wuld then be authinicating in WPA-Enterprise rather than WPA-PSK mode....

You can read a bit about how to implement this using FreeRadius here: http://wiki.freeradius.org/WPA_HOWTO

0
 
twocandlesCommented:
I have a Linksys router, and i've read all the docs about, but I found nothing related to what you want. I'm not sure if it's even possible: if the client decides to store a password, there's no way to distinguish if the password sent was stored or actually typed in by the user (from the router's perspective).

A possilbe solution would be to use the MAC filter. The linksys allows you to filter a device based on it's MAX address. If you want to restrict access to a certain device, just delete it from the "allowed" mac address list. I'm using that at home to prevent neighbors from connecting to my adsl router :).

In my Linksys router, the MAC filter is located at:

Wireless -> Wireless MAC Filter
0
 
canudoCommented:
What is the model of your router ?
You should use 802.1X , does your router support it ?
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
SaedSalmanAuthor Commented:
Wireless-G Broadband Router (WRT54G2)

check this out:
http://www.linksysbycisco.com/US/en/products/WRT54G2

 Experts : Make it easier to me ..!
0
 
Roachy1979Commented:
The only way with the router you mention above is to use MAC address filtering.....this is by no means secure (it's possible to spoof a MAC address when connecting to your network), but employed in conjunction with WPA2-PSK it will give you the ability to ban MAC addresses...so as long as your users do not know how to circumvent this it will do what you need.

Preferred and recommended solutions though would be to employ radius!
0
 
canudoConnect With a Mentor Commented:
Hello,

You should configure wpa enterprise or wpa 2 enterprise, see page 12 of users manual in wilreless security chapter.
You will need a radius server, if you have a windows server, you can install it, see
http://support.mof.go.th/radius_windows.html

0
 
SaedSalmanAuthor Commented:
Hello,
Thank you all,

I am running windows XP  Pro SP3. Is it possible to run radius ? if so, How ? I have a computer, XP OS, Router and ADSL, Do I need something else ? Please walk with me step by step, I am beginner on this subject.
radius requisites User name and Password, Right ?
0
 
Roachy1979Connect With a Mentor Commented:
Ok....Sorry as this is a bit of a u-turn, but I was experimenting with my pfSense last night and discovered it has a useful feature called Captive Portal, which allows you to specify access controls based on usernames and paswords without having to install a RADIUS server.

pfSense is a full featured free BSD based firewall solution that can run on an old PC with a couple of network cards....(you would want 3 in this case).

To set it up, download and burn the current ISO from www.pfsense.org.  This box would need to sit at the perimeter of your network, but can be used to restrict inbound and outbound traffic, proxy and perform some pretty advanced firewall functions.....

Have a look at the screencast for Captive Portal here http://doc.pfsense.org/smiller/Captive_Portal.htm


0
 
SaedSalmanAuthor Commented:
> To set it up, download and burn the current ISO

I cannot find the ISO image, may you direct me ?
0
 
Roachy1979Commented:
Sure - where abouts are you.  It's available from the mirrors.....so just pick the closest to you...

http://www.pfsense.org/mirror.php?section=downloads

Remember that pfSense is an appliance - so you need to install it on fresh hardware.....any data on the PC you use will be lost....
0
 
SaedSalmanAuthor Commented:
Download the this  pfSense-1.2.2-LiveCD-Installer.iso   one only, right ?

> any data on the PC you use will be lost....
Which data ? Do you mean I should remove current linkSys programe ?
0
 
Roachy1979Connect With a Mentor Commented:
Yep...that's the iso.

The pfsense software needs to sit on a dedicated box,.  It's a firewall appliance so would sit at the gateway to your network, inline with the linksys at present.  You would need 3 network interfaces on the box, WAN, LAN and the Wireless interface.....each would have it's own firewall ruleset so you can also restrict access to your internal network as desired.

All other PC's on your LAN would remain the same - they don't require any additional software to make this work....but to emphasise - pfsense is a Unix based operating system in itself and sits on it's own PC.  The good news is that the minimum specs for the box required are:

"Minimum Hardware Requirements

The following outlines the minimum hardware requirements for pfSense 1.2. Note the minimum requirements are not suitable for all environments, see the Hardware Sizing Guidance page for information.

CPU - 100 MHz Pentium
RAM - 128 MB

Requirements specific to individual platforms follow.  

Live CD
CD-ROM drive
USB flash drive or floppy drive to hold configuration file

Hard drive installation
CD-ROM for initial installation
1 GB hard drive

Embedded
128 MB Compact Flash card
Serial port for console"

 "pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices. "

I strongly recommend you read the contents of the wiki here: http://doc.pfsense.org/index.php/Main_Page before you proceed....
0
 
SaedSalmanAuthor Commented:
I found RADIUS option already installed, Does this solve the problem ?

Please, See the attached picture.
Capture.JPG
Capture1.JPG
0
 
SaedSalmanAuthor Commented:
Hello,
if I set the security mode to RADIUS will I solve my problem ? any body have any idea ?
0
 
Roachy1979Connect With a Mentor Commented:
In order for Radius to work you need a server that is capable of handling authentication using radius on your LAN - as mentioned previously this could be an IAS server (MS) or a FreeRadius server (*nix)
0
 
SaedSalmanAuthor Commented:
Yes, When I set security mode to RADIUS it requested Server Address.
So I will install pfsense first and then set the security mode to Radius.

maybe these days
thank you very much
0
 
SaedSalmanAuthor Commented:
Thank you very much. I did not test it but it seems that will work fine.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.