• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 529
  • Last Modified:

RADIUS setup for Single sign on

EE community, I'm looking for suggestions to accomplish single sign for wireless authentication using RADIUS.  Ultimately, I want any user to authenticate to wireless the same way at any of our three offices.

Here is my scenario: Three office locations, HQ and two remote offices connected via BOVPN tunnels.  At HQ I have configured RADIUS and have all local AP's setup and configured.

My question is, how do I go about configuration at the two remote sites?  Both sites have local hardware that could facilitate RADIUS config, but I don't know how to setup to talk to HQ.
0
Christina Taylor
Asked:
Christina Taylor
  • 4
  • 3
1 Solution
 
Craig BeckCommented:
This depends a lot on how your sites work at the moment.  Can you give us an idea of what you have in terms of servers, etc?

If you have an AD for example you could use a local RADIUS at each site with the same policies.  But as I say it depends on what you have at the moment.
0
 
Christina TaylorIT AdministratorAuthor Commented:
I have AD setup at HQ, running MS Server 2008 R2 at HQ and both remote sites. Sites are connected via BOVPN.  I was also thinking local RADIUS at each site, but wasn't sure of the specific configuration.

I hope this helps.
0
 
Craig BeckCommented:
So I'll say it's easy (assuming it's the same domain throughout).  You'll need to obtain a certificate for each RADIUS server if you want to use EAP-style logins so ideally you'll need certificate services running on your network.

In short, configure the same SSIDs on your APs and create a GPO to push the wireless settings to the clients.  Configure a RADIUS at each site and configure the same access policies on each RADIUS and that's pretty-much all you need to do.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
Christina TaylorIT AdministratorAuthor Commented:
Seems pretty straight forward, as you suggest.  To confirm, it is the same domain throughout.

I'll give it a go this week and see how it turns out.  Thanks a million!
0
 
Craig BeckCommented:
No probs... if you need any help I'll be here :-)
0
 
Christina TaylorIT AdministratorAuthor Commented:
Just checking back in to make sure I'm on the right track to implement GPO.  I'm in my default domain policy - Computer Configuration - Windows Settings - Security Settings - Wireless Network, create new policy.

I already have an XP Policy for my wireless network, so I created a new one for 'Vista and Later'.  Am I on the right track?
0
 
Craig BeckCommented:
Yup!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now