Hello all,
as always I'd like to apologise if the topic has been already treated.
I've and L-54ag, and I'd like to authenticate the clients that are going to login there, on the Windows 2003 IAS.
I know that on the AP, I've to configure the Radius server, but i don't know exactly where (there're radius configurations at least in 3 places).
Could you please so kind to tell me how should I configure my AP in order to make it work with IAS?
Thanks a lot
Voixes
L-54ag and windows IAS authenitcation
Moderator: Lancom-Systems Moderatoren
Hi,
that depends what you exactly want to authenticate via RADIUS. These different places
allow definition of RADIUS servers for different purposes:
(1) If you want to authenticate clients via 802.1x/EAP, then the RADIUS server is configured
under Setup->IEEE802.1x->RADIUS. Note however that 802.1x can be a rather
complex topic and requires EAP support on both the client and RADIUS server side.
(2) If you merely want to 'authenticate' clients via their MAC addresses,
Setup->WLAN->RADIUS-Authentication is the correct place.
(3) If you have bought a Public Spot option (for browser-based authentication),
Setup->Public-Spot->Provider-List is the place to go.
Note there are more places to configure RADIUS servers, but they serve entirely different
purposes, like accounting and authentication of dial-in users.
So, summing up, you should first clarify what you exactly mean by 'authenticating clients',
then we can give you more detailed help.
Best regards
Alfred
that depends what you exactly want to authenticate via RADIUS. These different places
allow definition of RADIUS servers for different purposes:
(1) If you want to authenticate clients via 802.1x/EAP, then the RADIUS server is configured
under Setup->IEEE802.1x->RADIUS. Note however that 802.1x can be a rather
complex topic and requires EAP support on both the client and RADIUS server side.
(2) If you merely want to 'authenticate' clients via their MAC addresses,
Setup->WLAN->RADIUS-Authentication is the correct place.
(3) If you have bought a Public Spot option (for browser-based authentication),
Setup->Public-Spot->Provider-List is the place to go.
Note there are more places to configure RADIUS servers, but they serve entirely different
purposes, like accounting and authentication of dial-in users.
So, summing up, you should first clarify what you exactly mean by 'authenticating clients',
then we can give you more detailed help.
Best regards
Alfred
“There is no death, there is just a change of our cosmic address."
-- Edgar Froese, 1944 - 2015
-- Edgar Froese, 1944 - 2015
Hi,
as I mentioned, RADIUS servers for 802.1x/EAP are configured under
Setup->IEEE802.1x->RADIUS. After doing that, configure a network
under Setup->Interfaces->WLAN->Encryption to a mode with 802.1x
(either WPA or WEP with 802.1x) and put the name of the RADIUS server
you configured in the 'Key' field. If you want to use WEP+802.1x, you
also have to enable key transmission for the respective network under
Setup->IEEE802.1x->Ports.
Note however that for 802.1x, the most complex part is the setup of EAP/802.1x
on the client and RADIUS server side - the AP merely acts as a passthrough
device for the various EAP methods that can be used between client and
RADIUS server (TLS, TTLS, PEAP, FAST, LEAP...). Most methods require
setting up a CA and at least a certificate on the server side. I don't know enough
about Windows and IAS to help you with that.
Best regards
Alfred
as I mentioned, RADIUS servers for 802.1x/EAP are configured under
Setup->IEEE802.1x->RADIUS. After doing that, configure a network
under Setup->Interfaces->WLAN->Encryption to a mode with 802.1x
(either WPA or WEP with 802.1x) and put the name of the RADIUS server
you configured in the 'Key' field. If you want to use WEP+802.1x, you
also have to enable key transmission for the respective network under
Setup->IEEE802.1x->Ports.
Note however that for 802.1x, the most complex part is the setup of EAP/802.1x
on the client and RADIUS server side - the AP merely acts as a passthrough
device for the various EAP methods that can be used between client and
RADIUS server (TLS, TTLS, PEAP, FAST, LEAP...). Most methods require
setting up a CA and at least a certificate on the server side. I don't know enough
about Windows and IAS to help you with that.
Best regards
Alfred
“There is no death, there is just a change of our cosmic address."
-- Edgar Froese, 1944 - 2015
-- Edgar Froese, 1944 - 2015