|
|
Re: Access Points and Active Directory: msg#00051
security.wireless
|
Subject: |
Re: Access Points and Active Directory |
Saudi,
MS IAS provides several authorization capabilities, such as limiting
the connection hours per user/group. I strongly recommend you to take
a quick look to its documentation to check if it matches all your
requirements.
Cheers,
--
Raul
On 5/17/07, saudi sans <saudisans-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>
wrote:
Thanks Raul.
What are the authorization rights relevant to wireless network and
can all this be provided by MS-IAS?
I am trying to understand the clear benefits of introducing IAS in between.
On 5/17/07, Raul Siles <raul.siles-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>
wrote:
> Saudi,
> The MS IAS is an AAA server, therefore AP's can talk directly to it.
> I recommend you a 3-layer approach: APs --- IAS --- AD
>
> Cheers,
> --
> Raul
>
> On 5/17/07, saudi sans <saudisans-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>
wrote:
> > Can I conclude that we donot need any AAA server in between? The
> > Access points can talk directly to MS IAS.
> >
> > On 5/17/07, Raul Siles <raul.siles-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>
wrote:
> > > Hi,
> > > If you are going to integrate with MS AD, you can use MS RADIUS
> > > server, called MS IAS - Internet Authentication Service:
> > > www.microsoft.com/technet/network/ias/default.mspx
> > >
> > > It's free if you have the Windows Server versions.
> > >
> > > Cheers,
> > > --
> > > Raul Siles
> > > GSE
> > > www.raulsiles.com
> > >
> > > On 5/17/07, saudi sans
<saudisans-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx> wrote:
> > > > Hi,
> > > >
> > > > We have got 10 Cisco Aironet Access Points . However we donot have a
> > > > AAA solution like Cisco ACS.
> > > >
> > > > But we would like to authenticate wireless LAN users via Active
> > > > directory database before they can connect. Is it possible without a
> > > > AAA solution? Are there any drastic implications if we do this .
> > > >
> > > > Cisco ACS is expensive ...hence we donot want to buy unless it is
mandatory!
> > > >
> > >
> >
>
|
|
