Solved

RADIUS setup for Single sign on

Posted on 2013-11-04
7
499 Views
Last Modified: 2013-11-11
EE community, I'm looking for suggestions to accomplish single sign for wireless authentication using RADIUS.  Ultimately, I want any user to authenticate to wireless the same way at any of our three offices.

Here is my scenario: Three office locations, HQ and two remote offices connected via BOVPN tunnels.  At HQ I have configured RADIUS and have all local AP's setup and configured.

My question is, how do I go about configuration at the two remote sites?  Both sites have local hardware that could facilitate RADIUS config, but I don't know how to setup to talk to HQ.
0
Comment
Question by:Christina Taylor
  • 4
  • 3
7 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39622321
This depends a lot on how your sites work at the moment.  Can you give us an idea of what you have in terms of servers, etc?

If you have an AD for example you could use a local RADIUS at each site with the same policies.  But as I say it depends on what you have at the moment.
0
 

Author Comment

by:Christina Taylor
ID: 39622353
I have AD setup at HQ, running MS Server 2008 R2 at HQ and both remote sites. Sites are connected via BOVPN.  I was also thinking local RADIUS at each site, but wasn't sure of the specific configuration.

I hope this helps.
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39622385
So I'll say it's easy (assuming it's the same domain throughout).  You'll need to obtain a certificate for each RADIUS server if you want to use EAP-style logins so ideally you'll need certificate services running on your network.

In short, configure the same SSIDs on your APs and create a GPO to push the wireless settings to the clients.  Configure a RADIUS at each site and configure the same access policies on each RADIUS and that's pretty-much all you need to do.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Christina Taylor
ID: 39622431
Seems pretty straight forward, as you suggest.  To confirm, it is the same domain throughout.

I'll give it a go this week and see how it turns out.  Thanks a million!
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39622442
No probs... if you need any help I'll be here :-)
0
 

Author Comment

by:Christina Taylor
ID: 39628459
Just checking back in to make sure I'm on the right track to implement GPO.  I'm in my default domain policy - Computer Configuration - Windows Settings - Security Settings - Wireless Network, create new policy.

I already have an XP Policy for my wireless network, so I created a new one for 'Vista and Later'.  Am I on the right track?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39628465
Yup!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question