Geekzone: technology news, blogs, forums


CADMAX

274 posts

Ultimate Geek


#146988 5-Jun-2014 09:29

I need to set up a RADIUS server to filter MAC addresses on a Windows 2008 server.

I have never done this before and it's for a client that wants to filter MAC addresses.

If there is anyone that knows how to do this or has done it and wants a job or is keen to talk me through it, let me know.

I'm happy to pay someone.

(I'm well out of my depth with this one)
By the way it's for a school - I'm meant to be donating my time and it's bitten me in the bum big time.




In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing.

jnimmo
1073 posts

Uber Geek


  #1059579 5-Jun-2014 09:35

Hi Cadmax,
What exactly is the reason they are wanting to do MAC filtering? Do you mean 802.1X authentication for authenticating users or computers to a wireless or wired network?
I've got a draft blog post guide I could send you once I know what you're trying to achieve.

Would highly recommend going down the certificate route instead of creating AD users for MAC addresses, which anyone who knows how it works could abuse
(i.e. authenticate to the network just by using username and password as the MAC address of a trusted PC).

Using Certificate based authentication, Group Policy can configure each domain joined computer to enroll a computer certificate.
This then allows an authenticating computer to be tied to the computer account in AD, and given permission to connect to the network if the computer meets the requirements you define in NPS.

 
 
 

wasabi2k
2092 posts

Uber Geek


  #1059582 5-Jun-2014 09:36

Hi,
I'm a tad confused as to what you want to achieve.

I assume there are switches or wireless APs that are doing the authenticating against a RADIUS backend, based on MAC address.

If that is the case, here you go:
https://kb.meraki.com/knowledge_base/creating-an-nps-policy-for-mac-based-authentication

You can skip step 10.

NPS is Windows 2008's built-in RADIUS. Heads up: you will need to create AD accounts for all the MAC addresses you want to use.

If this is beyond you - I'd let the place know that you are happy to give it a go. Never lie.
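
The weakness jnimmo describes and the MAC-named AD accounts wasabi2k mentions suggest one check on the RADIUS side, shown here as an added example that is not part of any post in this thread: flag accepted logons where a MAC-named account was used from a device with a different MAC. The record fields (`user`, `calling`, `result`) and the sample events are constructed for illustration and are not the NPS log format.

```python
import re

# Constructed sample records, not real NPS log lines. Assumed fields:
#   user    = RADIUS User-Name presented by the client
#   calling = Calling-Station-Id (the MAC of the connecting device)
#   result  = "accept" or "reject"
SAMPLE_EVENTS = [
    {"user": "a4b1c2d3e4f5", "calling": "A4-B1-C2-D3-E4-F5", "result": "accept"},
    {"user": "a4b1c2d3e4f5", "calling": "00-11-22-33-44-55", "result": "accept"},
    {"user": "SCHOOL\\teacher1", "calling": "00:11:22:33:44:66", "result": "accept"},
    {"user": "a4:b1:c2:d3:e4:f6", "calling": "a4b1.c2d3.e4f6", "result": "reject"},
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalise_mac(value):
    """Return 12 lowercase hex digits for a MAC in a common notation, else None.

    Handles aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff, aabb.ccdd.eeff and
    aabbccddeeff, because different equipment formats the address differently.
    """
    stripped = re.sub(r"[-:.]", "", (value or "").strip().lower())
    return stripped if _HEX12.match(stripped) else None


def find_mismatched_mac_logons(events):
    """Flag accepted logons where a MAC-named account came from another MAC.

    With MAC-based authentication the account name is the device's own MAC,
    so an accepted logon whose Calling-Station-Id differs means the account
    was used as ordinary credentials from some other device.
    """
    findings = []
    for ev in events:
        user_mac = normalise_mac(ev["user"])
        if user_mac is None or ev["result"] != "accept":
            continue  # ordinary user account, or the logon was refused
        device_mac = normalise_mac(ev.get("calling"))
        if device_mac != user_mac:
            findings.append((user_mac, device_mac))
    return findings


if __name__ == "__main__":
    for account, device in find_mismatched_mac_logons(SAMPLE_EVENTS):
        print(f"MAC account {account} accepted from device {device}")
```
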

CADMAX

274 posts

Ultimate Geek


  #1059584 5-Jun-2014 09:44

Hi. The network is a wireless network running UniFi AP back to the Windows box.

The school is running iPads on the wireless system.




In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing.



jnimmo
1073 posts

Uber Geek


  #1059612 5-Jun-2014 10:00

Perfect. I just did this recently using UniFi, Network Policy Server on Windows Server 2008 R2, and a certificate authority.
To join a new iPad to the network we just install a computer certificate on the iPad, then connect to the wifi network - it uses the certificate to authenticate.
Do you know if they have the Certificate Authority role set up on a server there?

For a use case like you have described (just for wifi access from non-domain devices) you could probably get away with using MAC authentication as described by wasabi2k though.

If you are interested in the certificate route I'll expedite my blog post titled '802.1X Certificate authentication for non-domain devices'

jnimmo
1073 posts

Uber Geek


  #1059621 5-Jun-2014 10:10

Alternatively, an easier method than setting up a certificate authority would be to use Meraki Systems Manager, which is a free cloud based Mobile Device Management service.

You could set up RADIUS for Active Directory user based authentication, then use MDM to connect using a specified username and password (i.e. create a 'School iPad' user account with a secure password).
If that ever got compromised, you can just roll out a new one through MDM.

It also then lets you see where all the iPads are, remote wipe, change settings, passcode locks, etc., if they don't have something in place already.

hamish225
1391 posts

Uber Geek

ID Verified

  #1059797 5-Jun-2014 13:30

If you just want to set MAC address filtering on wireless you can do that on the APs without mucking around with RADIUS.




*Insert big spe*dtest result here*


webwat
2036 posts

Uber Geek

Trusted

  #1060940 7-Jun-2014 16:06

hamish225: If you just want to set MAC address filtering on wireless you can do that on the APs without mucking around with RADIUS.

No, you don't want to do that in an educational environment where you likely have 100s of devices in regular use. RADIUS authentication is the way to go. I thought Windows Server had RADIUS as standard?




Time to find a new industry!




hamish225
1391 posts

Uber Geek

ID Verified

  #1060953 7-Jun-2014 16:47

webwat:
hamish225: If you just want to set MAC address filtering on wireless you can do that on the APs without mucking around with RADIUS.

No, you don't want to do that in an educational environment where you likely have 100s of devices in regular use. RADIUS authentication is the way to go. I thought Windows Server had RADIUS as standard?


It does; you set up a Network Policy Server and connect it to your domain.




*Insert big spe*dtest result here*

