?
Solved

RADIUS setup for Single sign on

Posted on 2013-11-04
7
Medium Priority
?
521 Views
Last Modified: 2013-11-11
EE community, I'm looking for suggestions to accomplish single sign for wireless authentication using RADIUS.  Ultimately, I want any user to authenticate to wireless the same way at any of our three offices.

Here is my scenario: Three office locations, HQ and two remote offices connected via BOVPN tunnels.  At HQ I have configured RADIUS and have all local AP's setup and configured.

My question is, how do I go about configuration at the two remote sites?  Both sites have local hardware that could facilitate RADIUS config, but I don't know how to setup to talk to HQ.
0
Comment
Question by:Christina Taylor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39622321
This depends a lot on how your sites work at the moment.  Can you give us an idea of what you have in terms of servers, etc?

If you have an AD for example you could use a local RADIUS at each site with the same policies.  But as I say it depends on what you have at the moment.
0
 

Author Comment

by:Christina Taylor
ID: 39622353
I have AD setup at HQ, running MS Server 2008 R2 at HQ and both remote sites. Sites are connected via BOVPN.  I was also thinking local RADIUS at each site, but wasn't sure of the specific configuration.

I hope this helps.
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 39622385
So I'll say it's easy (assuming it's the same domain throughout).  You'll need to obtain a certificate for each RADIUS server if you want to use EAP-style logins so ideally you'll need certificate services running on your network.

In short, configure the same SSIDs on your APs and create a GPO to push the wireless settings to the clients.  Configure a RADIUS at each site and configure the same access policies on each RADIUS and that's pretty-much all you need to do.
0
Limited time offer using promo code EXPERTS30

Designed with a wealth of functionality and convenience, ATEN's new Thunderbolt™ 2 Sharing Switch takes your Thunderbolt setup to the next level. Now through September 15, 2017, Experts Exchange members get 30% off the US7220 on the ATEN USA eShop using promo code EXPERTS30.

 

Author Comment

by:Christina Taylor
ID: 39622431
Seems pretty straight forward, as you suggest.  To confirm, it is the same domain throughout.

I'll give it a go this week and see how it turns out.  Thanks a million!
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39622442
No probs... if you need any help I'll be here :-)
0
 

Author Comment

by:Christina Taylor
ID: 39628459
Just checking back in to make sure I'm on the right track to implement GPO.  I'm in my default domain policy - Computer Configuration - Windows Settings - Security Settings - Wireless Network, create new policy.

I already have an XP Policy for my wireless network, so I created a new one for 'Vista and Later'.  Am I on the right track?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39628465
Yup!
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question