Dear Guys, I’m planning a wireless network for the company’s conference hall. I want to buy Linksys E4200 and the users would need access to the Internet while they’re connected to our local network. We need to secure the wireless connection by authenticating users with username and password. As the users are guesses, we can’t register all of them in AD DS. I was thinking if it could be possible to have a local website and generate the username and passwords for users. After the user connects to the wireless adapter, the website asks them for the username and password. After the password is authenticated by radius server, the user gets access to the Internet. Can please help me about this issue? Thanks and regards, Bahman

you can downlowd This guide http://www.microsoft.com/download/en/details.aspx?id=8089Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.

Hi, I'm certified as MCSE03: security but what you provded doesn't help me anymore.

Unless your wireless adapter/radius system can intercept the user's request and redirect to a webpage, I dont see how you are going to design this. I am not familiar with that AP, but I am aware of others that have the ability to perform various types of autentication outside of radius, even to a database. I think you may need to do some more research since you are looking for a custom solution. Otherwise, what comes to mind is that if you did have a small AD system configured, you could have a website set up to create user accounts in AD. The problem is that its the chicken and the egg paradox. How can the user register if they can't be authenticated to the AP yet? This is generally why most organizations go with setting up a "Guest" vlan seperate from their network and just have the AP redirect the user on first connection to a website that requires the user to "Accept" the terms of use. If you want users to authenticate, you'll need a seperate process in place to have the users register first. This process can be done using asp.net, allowing IIS to create accounts in AD. Then when the user connects via Wireless you can set up the system for PEAP/802.1x authentication. Users will automicatically be prompted for credentials. This system would then require a nightly job to run and remove the accounts that were created for that day. Just an idea to get you going... Visit anITKB.com, an IT Knowledge Base.

Hi Bahman, Thanks for posting here. I think this can be done by working with other third party devices , have a look the example below : Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a03e09.shtml For guest users, you may consider to redirect that host to a dedicate VLAN after passed the authentication by providing a user name and password of a TEMP account which randomly generated . http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c9bd1.shtml Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

sorry i didn't understand correctly.Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.

Yes, I agree with Tiger Li. You need WLCs and separte VLANs to configure. Also you need self sign certificate CA server. Thanks

Dear Tiger, I appreciate your answer. it's awesome. it seems a little bit complicated and don't think can be implemented by my manager. do you think if there is any other way to do the same job easier? Thanks and regards, Bahman

Hi Bahman, Thanks for update. You may start to consult with your IT contractor or other solution providers to seek a suitable solutions for your environment to achieve the goal . Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.