wireless log in tips?



Ok basically I am designing a large network which has to handle anywhere between 500-2000 people and have wireless.... fine wireless all good no problem but the network has sensitive information within it and I need to log everyone who uses the wireless so no generic passwords...

I need every user to have an individual login to the internet/wireless, so I am guessing leave the wireless open and then have a server as a middle man and wait for some kind of authentication?

I can think how it would work in theory but I don't really know what I should do. Any pointers you can give would help.


Sounds like you would need something similar to how BT Openzone / BT FON works, anyone can connect to any AP but they need their own credentials to log in with.

Some sort of hotspot software may be able to recreate that


2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.

Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.


This LEAP sounds interesting... hmm, I may have to research all of your suggestions.


Active Directory network? If so, use a Windows NPS to authenticate WPA2 Enterprise users.


Are any of these free? I mean, I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.

Well, we could use a Windows server but we were hoping for just Linux.


If you flashed your routers with DD-WRT firmware, you may be able to do it all for free


If I did this I would probably be beaten with a stick... While I am in charge of the project, I'm very limited in what I am allowed to do... I can install whatever I want on the servers... the firmware on the Cisco equipment must remain as it is... it has to be airtight security while still being able to have a VPN connection from a certain location.


Bad luck, DD-WRT can do all that and more and is probably more secure than stock

Maybe give them it as an option / adding extra APs with DD-WRT and leave the current routers as they are


What wireless routers/APs are you using? Cisco AP, are they standalone or thin (managed via controller)?

How many wireless users? You keep mentioning 500-2000 users - you're talking an enterprise setup if you're talking 2000 wireless users, and I would assume you have way more than just 1 AP, and that you would use a controller that, yes, could point to RADIUS for auth. You could run FreeRADIUS if you needed to, or if Windows then sure, you could use their own built-in RADIUS service - what flavor of Windows are you running?

This is that hospital with medical records that you're securing access for? Like I said in your other thread, you seem to be way, way over your head for these projects. And how would you have zero budget for securing medical records? Was I correct, this is some hut in the middle of the 3rd world somewhere?


This topic is now closed to further replies.
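
The per-user logging asked for at the top of the thread, built on the accounting records that FreeRADIUS (suggested in the last reply) writes in its "detail" file format. This is an added example, not part of the thread: it parses those records, lists closed sessions per user, and flags users with sessions open from more than one client MAC at once. The sample records, user names and MAC addresses are constructed.

```python
import re
from collections import defaultdict

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')

def parse_detail(text):
    """Yield one dict per record: a timestamp line, then indented 'Attr = value' lines."""
    for block in filter(None, re.split(r"\n\s*\n", text.strip())):
        lines = block.splitlines()
        rec = {"logged_at": lines[0].strip()}
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def audit(text):
    """Return (closed sessions per user, users with overlapping sessions on different MACs)."""
    open_macs = defaultdict(dict)   # user -> {session id: client MAC}
    sessions = defaultdict(list)    # user -> [(client MAC, seconds online)]
    overlapping = set()             # review list: shared login or a second device
    for r in parse_detail(text):
        user, sid = r.get("User-Name"), r.get("Acct-Session-Id")
        if not user or not sid:
            continue                # incomplete record: skip rather than guess
        mac = r.get("Calling-Station-Id", "").upper()
        if r.get("Acct-Status-Type") == "Start":
            open_macs[user][sid] = mac
            if len(set(open_macs[user].values())) > 1:
                overlapping.add(user)
        elif r.get("Acct-Status-Type") == "Stop":
            open_macs[user].pop(sid, None)
            sessions[user].append((mac, int(r.get("Acct-Session-Time", 0))))
    return dict(sessions), overlapping

# Constructed sample (user names, MACs and times are made up, not from the thread).
SAMPLE = "\n\n".join(
    f'Mon Mar  3 09:0{i}:00 2014\n\tUser-Name = "{u}"\n\tAcct-Status-Type = {s}\n'
    f'\tAcct-Session-Id = "{sid}"\n\tCalling-Station-Id = "{mac}"'
    + (f"\n\tAcct-Session-Time = {t}" if s == "Stop" else "")
    for i, (u, s, sid, mac, t) in enumerate([
        ("alice", "Start", "A1", "aa-bb-cc-00-00-01", 0),
        ("bob", "Start", "B1", "aa-bb-cc-00-00-02", 0),
        ("alice", "Start", "A2", "aa-bb-cc-00-00-03", 0),  # A1 is still open
        ("alice", "Stop", "A1", "aa-bb-cc-00-00-01", 120),
        ("bob", "Stop", "B1", "aa-bb-cc-00-00-02", 300),
    ]))

print(audit(SAMPLE))
```

An overlap is a prompt for review, since one person with a laptop and a phone produces the same pattern as a shared login.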