RADIUS setup for Single sign on

EE community, I'm looking for suggestions to accomplish single sign for wireless authentication using RADIUS.  Ultimately, I want any user to authenticate to wireless the same way at any of our three offices.

Here is my scenario: Three office locations, HQ and two remote offices connected via BOVPN tunnels.  At HQ I have configured RADIUS and have all local AP's setup and configured.

My question is, how do I go about configuration at the two remote sites?  Both sites have local hardware that could facilitate RADIUS config, but I don't know how to setup to talk to HQ.
Christina TaylorIT AdministratorAsked:
Who is Participating?
 
Craig BeckConnect With a Mentor Commented:
So I'll say it's easy (assuming it's the same domain throughout).  You'll need to obtain a certificate for each RADIUS server if you want to use EAP-style logins so ideally you'll need certificate services running on your network.

In short, configure the same SSIDs on your APs and create a GPO to push the wireless settings to the clients.  Configure a RADIUS at each site and configure the same access policies on each RADIUS and that's pretty-much all you need to do.
0
 
Craig BeckCommented:
This depends a lot on how your sites work at the moment.  Can you give us an idea of what you have in terms of servers, etc?

If you have an AD for example you could use a local RADIUS at each site with the same policies.  But as I say it depends on what you have at the moment.
0
 
Christina TaylorIT AdministratorAuthor Commented:
I have AD setup at HQ, running MS Server 2008 R2 at HQ and both remote sites. Sites are connected via BOVPN.  I was also thinking local RADIUS at each site, but wasn't sure of the specific configuration.

I hope this helps.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Christina TaylorIT AdministratorAuthor Commented:
Seems pretty straight forward, as you suggest.  To confirm, it is the same domain throughout.

I'll give it a go this week and see how it turns out.  Thanks a million!
0
 
Craig BeckCommented:
No probs... if you need any help I'll be here :-)
0
 
Christina TaylorIT AdministratorAuthor Commented:
Just checking back in to make sure I'm on the right track to implement GPO.  I'm in my default domain policy - Computer Configuration - Windows Settings - Security Settings - Wireless Network, create new policy.

I already have an XP Policy for my wireless network, so I created a new one for 'Vista and Later'.  Am I on the right track?
0
 
Craig BeckCommented:
Yup!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.