Wireless Network Authentication

What is required to setup a radius authentication instead of just a pre-shared key setup.
What are the advantages to doing this?

For the most part you can just install the Radius feature on a domain controller and wire it up. Fun thing to remember though - wifi devices won’t connect before logging in and if a user forgets about signing in from a device and changes their password you’ll have a time sorting out the lockouts.

What wireless vendor are you using? As Alex said, from the server side, the Network Policy Server package is already built-in and works great.

We have always used RADIUS for wifi authentication of staff laptop computers. The advantages are security and ease of use.

The computers are set to authenticate as either computer or user. So even before a user signs in, the computer is authenticated and connected to the domain. This prevents issues with password changes, and even new users can log into a wifi connected computer the first time without issues.

I’ve found that the RADIUS authentication is better than PSK’s for staff computers. I never need to touch the computer again (as far as wifi is concerned). Even when we replaced our wifi system, I set up RADIUS the same way and the computers connected fine.

Our wifi system (Ruckus) generates dynamic PSK’s, unique to each device. I thought about using those for the staff computers, but decided RADIUS is better. If I had to use a common PSK for all computers, I wouldn’t even consider it. Not as secure, and too much effort if the PSK needs to be changed.

Bob is right, PSKs are just not secure. If you hand this out to 10 people, in a few weeks 100 will have it. Several of the wireless vendors have added increased options outside of RADIUS. As mentioned Ruckus (and Xirrus) will do private shared keys… Xirrus now offers direct authentication via Google or Office 365 which eliminates the need for RADIUS and simplifies the process.

Point is, there are certainly better and more secure options than the standard PSK.

The only way a PSK is even remotely secure is if nobody knows it. So it needs to be something like
and pushed out by an MDM or other management tool.

AND that your users aren’t able to view the PSK because they are admins. :unamused:

We currently use some HP wireless system/controller

Had the new user can’t login on a laptop just the other day too.
Ah fun

This looks like a pretty straightforward guide to achieve AD user based authentication on an HP controller. http://www.petenetlive.com/KB/Article/0000922

Hey, how did you get my home network PSK!? :wink:

When QR code wifi joining looked like it was going to take off, I seriously considered an key like that… Mine is decidedly less secure in reality though :wink:

Mine too…been contemplating changing for a while. Never got around for it.