Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: techgal
techgal Author
User level: Level 1
5 points

Radius authentication

My complete apologies for what may be a dumb question..
If I set up radius can the user not just "give out" his username and password so that others can connect to the wireless network? The computer would need to be bound of course so maybe that is where our security would come in?
This is the problem we are having.... school district.... teachers keep giving out the wireless password so we are in desperate need of tighter security.
We are looking at radius.
Thanks for helping.

leopard, Mac OS X (10.5.6)

Posted on Mar 17, 2011 11:56 AM

Reply
Question marked as Best reply
User profile for user: Erich Wetzel
Erich Wetzel
User level: Level 2
384 points

Posted on Mar 18, 2011 11:19 AM

techgal,

RADIUS would use the individual credentials of each user to verify whether or not they are permitted to access the wireless network. This eliminates the "shared secret" password used in many simple wireless networks.

Setup example:
-Create a group you call "wirelessaccess" and put the users you want to have wireless network access in it.
-Start RADIUS on your server and set it to only permit "wirelessaccess" group users access to the RADIUS service.
-Tell your server to apply RADIUS authentication to your wireless access points.
-Tell your wireless access points to use only RADIUS authentication from your server.
-When a user tries to connect to the wireless network, they will now be prompted with a user and password dialog which requires a user credential in the "wirelessaccess" group to be permitted on to the wireless network.

You would still have the problem of credentials possibly being given out. However, since the credentials to connect via RADIUS are those of each individual user, you would be able to see in your logs who is supposedly connecting. Individual users would be less likely to give out their own credentials since they would be giving away access in their name and also giving away access to all of their own items in the system.

Hope this helps.

-Erich
View in context
1 reply
Question marked as Best reply
User profile for user: Erich Wetzel
Erich Wetzel
User level: Level 2
384 points

Mar 18, 2011 11:19 AM in response to techgal

techgal,

RADIUS would use the individual credentials of each user to verify whether or not they are permitted to access the wireless network. This eliminates the "shared secret" password used in many simple wireless networks.

Setup example:
-Create a group you call "wirelessaccess" and put the users you want to have wireless network access in it.
-Start RADIUS on your server and set it to only permit "wirelessaccess" group users access to the RADIUS service.
-Tell your server to apply RADIUS authentication to your wireless access points.
-Tell your wireless access points to use only RADIUS authentication from your server.
-When a user tries to connect to the wireless network, they will now be prompted with a user and password dialog which requires a user credential in the "wirelessaccess" group to be permitted on to the wireless network.

You would still have the problem of credentials possibly being given out. However, since the credentials to connect via RADIUS are those of each individual user, you would be able to see in your logs who is supposedly connecting. Individual users would be less likely to give out their own credentials since they would be giving away access in their name and also giving away access to all of their own items in the system.

Hope this helps.

-Erich
Reply

Radius authentication

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up