Wireless Authentication w/ AD?



  • Hello,

    We are a small-med business that is looking to change how we authenticate our wireless users.  We have Win2012 on a VM running AD w/ DHCP & DNS.  I'm wondering what the best option would be to use AD to authenticate our wireless users?  Or, is AD not the best option?  We're just beginning to consider this change, so I'm also wondering what other things I need to consider that I haven't even thought of yet?

    Cheers


  • Netgate

    WPA2 Enterprise with AD as the RADIUS backend.



  • Thanks for the response, Derelict.  I'll look into how to implement this.

    Cheers



  • Well, I finally got around to doing this.  I have set up MS NPS, but I must say that I'm intimidated by Active Directory Certificate Services.  I don't want to do anything that will screw up my domain.  I also can't get a certificate from an external CA, as our domain ends in .local.  Is it even possible to use pfSense with FreeRADIUS, while still using AD for my DHCP & DNS?  I'm guessing probably not.  I'm grateful for any suggestions.



  • I'm authenticating users with AD, but not with wireless, but with OpenVPN.

    System -> User Manager -> Servers

    I have checked:
    Bind credentials: Use anonymous binds to resolve distinguished names
    Because I allow anonymous access to AD, because I also needed that for Thunderbird autoconfiguration.

    User naming attribute: sAMAccountName
    Group naming attribute: cn
    Group member attribute: memberOf

    This is an ancient 2003 AD. I did nothing with any certificate services or other non-working shite.

    In OpenVPN I have used these options:
    Server Mode: Remote Access (SSL/TLS + User Auth)
    Backend for authentication: the name of the LDAP server in the 'servers' tab of the user manager.