Frequent Contributor I
Posts: 105
Registered: ‎09-29-2009

WPA-PSK+portalwithoutauth+whitelistsites

I need to simplify access to the secure network that currently uses 2 mixed schemes:

1.-EAP-TLS with Certificates (cert windows services), radius log:
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = Allow Remote Access
  Authentication-Type = EAP
  EAP-Type = Smart Card or other certificate

and

2.-EAP-PEAP (Username / Password):
  Proxy-Policy-Name = Use Windows authentication for all users
  Authentication-Provider = Windows
  Authentication-Server = <undetermined>
  Policy-Name = Allow Remote Access
  Authentication-Type = PEAP
  EAP-Type = Secured password (EAP-MSCHAP v2)

It is mixed because some devices (many phones) do not support installing certificates, or it is very difficult for the user.

The first method is very complicated for almost any user.
The second method is not as complicated, but some devices need the "Certificate CA Chain", others (mostly Android) need to configure "phase 2" (MS-CHAPv2), and others forget the network.

It occurred to me to set up a WPA-PSK ESSID (not open, because many devices connect automatically without the user knowing or wanting it) with access only to a server to generate and download the certificates (certificate and Certificate Chain User-Certificate Provider server, Authority server-Certificate).

Any idea how to do it or a better idea?...

 

Frequent Contributor II
Posts: 113
Registered: ‎11-27-2012

Re: WPA-PSK+portalwithoutauth+whitelistsites

If you are using Windows Server with ADCS, it already has a web interface where your users can download certificates for the device and the CA certs.

So what you would need to do is basically either make a CP with a link to that ADCS web interface with instructions, or just redirect directly to the ADCS web interface instead of going through the CP.

Just remember to allow traffic to the ADCS IP address ;)

-----------------------------------
-ACMX #352-
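
One way to express the "allow traffic to the ADCS IP address" step as a least-privilege onboarding role, so that clients on the PSK SSID can reach only the enrollment server. This is an added example, not a configuration posted by anyone in the thread; it assumes an ArubaOS controller CLI (the thread does not name the platform), and the address 192.0.2.10 and the names adcs-web, onboard-only, onboard and onboard-aaa are placeholders.

```text
! Added example. Assumed: ArubaOS controller syntax, placeholder address and names.
! Destination alias for the ADCS web enrollment host.
netdestination adcs-web
  host 192.0.2.10
!
! Session ACL: DHCP and DNS so the client can get online and resolve names,
! HTTPS to the ADCS host only, everything else dropped.
ip access-list session onboard-only
  any any svc-dhcp permit
  user any svc-dns permit
  user alias adcs-web svc-https permit
  user any any deny
!
! Role assigned to every client that joins the onboarding SSID.
user-role onboard
  access-list session onboard-only
!
! AAA profile for the WPA-PSK onboarding SSID: clients land in the
! restricted role and never receive a broader one on this SSID.
aaa profile onboard-aaa
  initial-role onboard
!
```

If the informational page with manuals lives on a different host, it needs its own netdestination entry and permit rule above the final deny.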
Frequent Contributor I
Posts: 105
Registered: ‎09-29-2009

Re: WPA-PSK+portalwithoutauth+whitelistsites

Thank you Nesvik

 

I need to redirect to an external informational web page (no authentication) to show some manuals, news and then the link to ADCS.

 

By the way: We have some issues with 2 things:

1.- Captive Portal redirection (slow, no secure site warning, sometimes "authentication disabled" messages, etc.) and

2.- ADCS like: A lot of security warnings (no third-party CA :( ), some MS Windows versions don't install the AC/ACProvider (chain) in the correct container, some users are getting lost by the "many steps", ActiveX blocked, bad time zone, etc...

 

Any idea to do something more automatized for the users (without clear pa$$)?

 

Regards.

 

 

 

 
