Open Tech Support
Open Tech Support Archives

Logging on to a wireless network



Posted by: miha

Hi,

I actually don't have a problem with logging on to a wifi, but rather have a question about it and I'm hoping someone would be so kind to enlighten me.

OK, here's the thing: when connecting via some kind of DSL or dial-up you need to have a client and then use a username and password to access the network. So you've got a PPPoE or PPP client and a PPPoE or PPP server and RADIUS that authenticates the client and then permits access.

Now I'm wondering if there is a similar way of logging on via wifi, or could even PPPoE be used to log on via wifi? What would I need on a server side and client side for this to work?

Thanks for any suggestions and help.

Good day to all



Posted by: Ion Silverbolt

A wireless router takes care of all the authentication after you set it up. Once it is set up, anyone on your network can access the internet without any sort of logging in.



Posted by: miha

Thank you for your reply.
I know that the router takes care of the connectivity but that's not what I had in mind.
OK, let's say we had a large wireless network with 20 access points and 200-350 users who we would like to connect to the internet. If the users were connecting over a DSL or similar they would usually need to use a username and password to access the network. Now if these users are connecting to a wireless network, all they would need to access the network is knowing the SSID and the encryption key. But anyone can get hold of the encryption key, so in order to avoid this the best way to authenticate a client is again via username and password.
Does anyone know of any way of doing so without using a captive portal? I was thinking of something similar to the PPPoE client that is used for connecting to DSL.
Is there any way of doing this?

Thanks for the help.



Posted by: Ion Silverbolt

If someone is willing to give out an encryption key, why wouldn't they also give out a valid user name and password? I think some of the newer wireless encryption schemes are pretty effective.

If you want another layer of validation, use DHCP reservation. That way only computers with the allowed MAC addresses can log on to the network. Sure, a MAC address can be cloned, but the user would have to know the encryption key and a valid MAC address to log in. If someone in your company is willing to give out that sort of information, there's not a lot you can do.



Posted by: FadedMaster

I'm guessing the reasoning behind the username and password is that it can easily be traced to who gave the information out. Whereas if you have one encryption key, obviously it could be any of the 200-350 people. I only know of using a captive portal to achieve this username and password login.



Posted by: Ion Silverbolt

DHCP reservation would work for that. Just identify the user by his wireless MAC address.



Posted by: FadedMaster

Quote:

Originally Posted by Ion Silverbolt
DHCP reservation would work for that. Just identify the user by his wireless MAC address.


I somehow missed that in your other post. Haha. Yeah, good idea. It's a good thing I took my nap for today.



Posted by: miha

Exactly, FadedMaster, an encryption key is only one. But if users use a username/password you know exactly who logged on from what MAC address and even only permit one login.
Ion Silverbolt, MAC address filtering is great but there are two problems.
First, in order for MAC filtering to work I would need to know all of the users' MAC addresses in advance, which could be a problem if clients use different network cards (different computers). Second, as you said, a MAC address can be cloned very, very easily. You don't even need to have the network key since the MAC is not encrypted, and the key is also not a big problem if you've got 80-120 users generating traffic like crazy. Now you've got two problems again: you've got two MAC addresses logging onto the network, do you block/allow both, and how to determine which is the real client.
Of course there is some equipment out there that doesn't really care if there are multiple MACs on the network, each gets its own IP and things just work somehow (don't ask me how but it does - I was amazed).
OK, a captive portal could be the way to go, but a user still always has to open a browser and log in and keep the session active (not closing the browser).
This is ok but I still think that there is another way of connecting to a network.
I could use a personal certificate for each user, but this presents yet more problems since a user needs to transfer the cert. to another computer if they want to log in from a different computer. Or I could use an open wifi network and then have the users log in via a VPN, which is encrypted and secure, but this is a lot of hassle and some users don't even know what a VPN is, so that one is most likely out.
Here's a crazy one: could I set up a local PPPoE server and clients just connect to the network and log in via PPPoE to the local server for authentication? The data would be transferred between the client over the wireless/wired connection to the local PPPoE server and then routed onward. But would a PPPoE even be possible over a wireless connection?
This could be the solution that is most similar to what I'm looking for.
Could this work?

Thanks for participating in the discussion.
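
Added example (not part of any post in this thread): the per-user accountability discussed above, "who logged on from what MAC address" with only one login permitted, checked by replaying RADIUS-accounting-style records. The records are constructed, the tuple layout is an assumption, and the field names mirror the RFC 2865/2866 attributes User-Name, Calling-Station-Id, Called-Station-Id and Acct-Status-Type; a duplicate-MAC finding only flags the overlap and does not decide which station is the real client.

```python
# Added example: constructed RADIUS-accounting-style records, not real logs.
# The tuple layout and the AP names are assumptions made for this illustration.
from collections import defaultdict

RECORDS = [  # (time, Acct-Status-Type, User-Name, Calling-Station-Id, Called-Station-Id)
    (100, "Start", "alice", "00-11-22-33-44-55", "ap-01"),
    (130, "Start", "bob",   "66-77-88-99-AA-BB", "ap-02"),
    (200, "Start", "alice", "CC-DD-EE-FF-00-11", "ap-07"),  # second login, new MAC
    (260, "Stop",  "bob",   "66-77-88-99-AA-BB", "ap-02"),
    (300, "Start", "carol", "00-11-22-33-44-55", "ap-12"),  # alice's MAC, other user
    (400, "Stop",  "alice", "00-11-22-33-44-55", "ap-01"),
]


def audit_sessions(records, max_logins=1):
    """Replay accounting records in time order and return a list of findings."""
    by_user = defaultdict(set)  # user -> {(mac, ap)} sessions currently open
    by_mac = defaultdict(set)   # mac  -> {(user, ap)} sessions currently open
    findings = []
    for ts, status, user, mac, ap in sorted(records):
        mac = mac.upper().replace(":", "-")  # normalise MAC notation
        if status == "Start":
            # Same credentials already in use: shared or leaked account.
            if len(by_user[user]) >= max_logins:
                findings.append((ts, "concurrent-login", user, mac, ap))
            # Same MAC already active elsewhere: possible cloned address.
            if any((u, a) != (user, ap) for u, a in by_mac[mac]):
                findings.append((ts, "duplicate-mac", user, mac, ap))
            by_user[user].add((mac, ap))
            by_mac[mac].add((user, ap))
        elif status == "Stop":
            by_user[user].discard((mac, ap))
            by_mac[mac].discard((user, ap))
    return findings


if __name__ == "__main__":
    for finding in audit_sessions(RECORDS):
        print(finding)
```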



Posted by: Ion Silverbolt

What about a VPN? I would think that could be used in the same manner. The wireless connections would go through the VPN server to access the internet instead of having direct access to the Internet. In other words, they would have to log onto the VPN.



 
Copyright 2000-2008 Open Tech Support.  All Rights Reserved.  Site Design and Development by Tolitz Rosel.