1 Reply Latest reply: Mar 18, 2011 11:19 AM by Erich Wetzel
techgal Level 1 Level 1 (5 points)
My complete apologies for what may be a dumb question..
If I set up radius can the user not just "give out" his username and password so that others can connect to the wireless network? The computer would need to be bound of course so maybe that is where our security would come in?
This is the problem we are having.... school district.... teachers keep giving out the wireless password so we are in desperate need of tighter security.
We are looking at radius.
Thanks for helping.

leopard, Mac OS X (10.5.6)
  • Erich Wetzel Level 2 Level 2 (315 points)
    techgal,

    RADIUS would use the individual credentials of each user to verify whether or not they are permitted to access the wireless network. This eliminates the "shared secret" password used in many simple wireless networks.

    Setup example:
    -Create a group you call "wirelessaccess" and put the users you want to have wireless network access in it.
    -Start RADIUS on your server and set it to only permit "wirelessaccess" group users access to the RADIUS service.
    -Tell your server to apply RADIUS authentication to your wireless access points.
    -Tell your wireless access points to use only RADIUS authentication from your server.
    -When a user tries to connect to the wireless network, they will now be prompted with a user and password dialog which requires a user credential in the "wirelessaccess" group to be permitted on to the wireless network.

    You would still have the problem of credentials possibly being given out. However, since the credentials to connect via RADIUS are those of each individual user, you would be able to see in your logs who is supposedly connecting. Individual users would be less likely to give out their own credentials since they would be giving away access in their name and also giving away access to all of their own items in the system.

    Hope this helps.

    -Erich