CADMAX


#146988 5-Jun-2014 09:29

I need to set up a RADIUS server to filter MAC addresses on a Windows 2008 server.

I have never done this before and it's for a client that wants to filter MAC addresses.

If there is anyone that knows how to do this or has done it and wants a job or is keen to talk me through it, let me know.

I'm happy to pay someone.

(I'm well out of my depth with this one)
By the way, it's for a school - I'm meant to be donating my time and it's bitten me in the bum big time.




In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing.

jnimmo

  #1059579 5-Jun-2014 09:35

Hi Cadmax,
What exactly is the reason they are wanting to do MAC filtering? Do you mean 802.1X authentication for authenticating users or computers to a wireless or wired network?
I've got a draft blog post guide I could send you once I know what you're trying to achieve.

Would highly recommend going down the certificate route instead of creating AD users for MAC addresses, which anyone who knows how it works could abuse
(i.e. authenticate to the network just by using username and password as the MAC address of a trusted PC).

Using certificate-based authentication, Group Policy can configure each domain-joined computer to enroll a computer certificate.
This then allows an authenticating computer to be tied to the computer account in AD, and given permission to connect to the network if the computer meets the requirements you define in NPS.

wasabi2k


  #1059582 5-Jun-2014 09:36

Hi,
I'm a tad confused as to what you want to achieve.

I assume there are switches or wireless APs that are doing the authenticating against a RADIUS backend, based on MAC address.

If that is the case, here you go:
https://kb.meraki.com/knowledge_base/creating-an-nps-policy-for-mac-based-authentication

You can skip step 10.

NPS is Windows 2008's built-in RADIUS. Heads up: you will need to create AD accounts for all the MAC addresses you want to use.

If this is beyond you - I'd let the place know that you are happy to give it a go. Never lie.
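
One way to bulk-create the per-MAC AD accounts that MAC-based authentication against NPS needs, as an added example that is not from this thread or the linked article. The OU, the group name and the MAC list are placeholders, and it assumes the ActiveDirectory module (Windows Server 2008 R2 or RSAT) and an AP that sends the MAC as 12 lowercase hex digits with no separators.

```powershell
# Added example: bulk-create the per-MAC accounts NPS needs for MAC-based auth.
# Assumptions (not from the thread): the OU, group name and MAC list are placeholders;
# the AP sends the MAC as 12 lowercase hex digits with no separators.
Import-Module ActiveDirectory

$TargetOU  = 'OU=MacAuth,DC=example,DC=local'   # placeholder OU
$GroupName = 'WiFi-MAC-Devices'                  # placeholder group referenced by the NPS policy

# Constructed sample input in the mixed formats people copy from devices.
$RawMacs = @(
    '00:11:22:AA:BB:CC',
    '00-11-22-aa-bb-cd',
    '0011.22aa.bbce',
    '00:11:22:AA:BB:CC',   # duplicate of the first entry
    '00:11:22:AA:BB'       # too short, must be rejected
)

function ConvertTo-MacUserName {
    param([string]$Mac)
    # Strip separators, then require exactly 12 hex digits.
    $hex = ($Mac -replace '[-:.\s]', '').ToLower()
    if ($hex -notmatch '^[0-9a-f]{12}$') { return $null }
    return $hex
}

$seen = @{}
foreach ($raw in $RawMacs) {
    $name = ConvertTo-MacUserName $raw
    if (-not $name)               { Write-Warning "Skipping invalid MAC '$raw'"; continue }
    if ($seen.ContainsKey($name)) { Write-Warning "Skipping duplicate '$raw'"; continue }
    $seen[$name] = $true

    if (Get-ADUser -Filter "SamAccountName -eq '$name'") {
        Write-Host "Exists: $name"; continue
    }
    # With MAC authentication the password is the MAC itself, same as the user name.
    $pw = ConvertTo-SecureString $name -AsPlainText -Force
    New-ADUser -Name $name -SamAccountName $name -Path $TargetOU `
        -AccountPassword $pw -Enabled $true `
        -PasswordNeverExpires $true -CannotChangePassword $true `
        -Description "MAC auth device (source: $raw)"
    Add-ADGroupMember -Identity $GroupName -Members $name
    Write-Host "Created: $name"
}
```

A domain password policy that enforces complexity will reject a lowercase-hex password, so these accounts need a policy that permits it.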

CADMAX


  #1059584 5-Jun-2014 09:44

Hi. The network is a wireless network running UniFi APs back to the Windows box.

The school is running iPads on the wireless system.







jnimmo

  #1059612 5-Jun-2014 10:00

Perfect. I just did this recently using UniFi, Network Policy Server on Windows Server 2008 R2, and a certificate authority.
To join a new iPad to the network we just install a computer certificate on the iPad, then connect to the wifi network - it uses the certificate to authenticate.
Do you know if they have the Certificate Authority role set up on a server there?

For a use case like you have described (just for wifi access from non-domain devices) you could probably get away with using MAC authentication as described by wasabi2k though.

If you are interested in the certificate route I'll expedite my blog post titled '802.1X Certificate authentication for non-domain devices'

jnimmo

  #1059621 5-Jun-2014 10:10

Alternatively, an easier method than setting up a certificate authority would be to use Meraki Systems Manager, which is a free cloud-based Mobile Device Management service.

You could set up RADIUS for Active Directory user-based authentication, then use MDM to connect using a specified username and password (i.e. create a 'School iPad' user account with a secure password).
If that ever got compromised, you can just roll out a new one through MDM.

It also then lets you see where all the iPads are, remote wipe, change settings, passcode locks, etc., if they don't have something in place already.

hamish225

  #1059797 5-Jun-2014 13:30

If you just want to set MAC address filtering on wireless, you can do that on the APs without mucking around with RADIUS.




*Insert big spe*dtest result here*


webwat

  #1060940 7-Jun-2014 16:06

hamish225: If you just want to set MAC address filtering on wireless, you can do that on the APs without mucking around with RADIUS.

No, you don't want to do that in an educational environment where you likely have 100s of devices in regular use. RADIUS authentication is the way to go. I thought Windows Server had RADIUS as standard?




Time to find a new industry!




hamish225

  #1060953 7-Jun-2014 16:47

webwat:
hamish225: If you just want to set MAC address filtering on wireless, you can do that on the APs without mucking around with RADIUS.

No, you don't want to do that in an educational environment where you likely have 100s of devices in regular use. RADIUS authentication is the way to go. I thought Windows Server had RADIUS as standard?


It does; you set up a Network Policy Server and connect it to your domain.





