Wi-Fi in the office with access logs and user authorization in AD?
Good day.
The big bosses demand that the office be covered with a Wi-Fi network so they can access the Internet from their personal phones / tablets / laptops. Of course, they themselves say we just need to buy a Zyxel Keenetic, put it at the secretary's desk, and let there be happiness.
Of course, I don't like this option: I want to organize access so that every sneeze is reflected in the logs, plus I don't want to maintain a separate user database when there is AD. So far we are talking about one access point, without roaming (but again, I want to make a decision with some margin for implementing that roaming in the future).
Hardware-wise there are a couple of MikroTiks; software-wise, a squid with NTLM authorization configured, and a domain on win2012r2. How do I connect all this into one working system? What should I set up, and what should I buy?
Considering that half of the work has been done and half of the software and hardware is there, you can look in the direction of RADIUS authorization of domain users on the access points themselves. To do this:
1. Set up the Network Policy Server role on any domain-joined virtual machine, add the necessary policies to it and the RADIUS clients (add the access points by IP). These settings can be googled or figured out.
2. On the MikroTik points, set up WPA2-Enterprise authorization by login and password.
3. On them, set up a redirect of HTTP traffic to squid, thereby switching everything into transparent proxy mode.
4. On squid, configure statistics collection.
Everything will work more safely and more flexibly than the Kerio option, and cleaner in terms of licenses. But you will have to tinker with the setup.
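As an added example (not part of either answer), here is the MikroTik side of steps 1 through 3 above in RouterOS CLI form. The NPS address, squid address and port, interface name, SSID and shared secret are placeholders I chose; the squid host is assumed to sit on a wired subnet that routes back to the Wi-Fi clients through this MikroTik (so the dst-nat reply is un-translated), with `http_port 3128 intercept` in squid.conf.

```routeros
# Added example (not from the original post): MikroTik RouterOS configuration
# for steps 1-3 of the answer above. Assumed values: NPS server 10.0.0.10,
# squid host 10.0.0.20 on port 3128, wireless interface wlan1, shared secret
# "CHANGE-ME" (placeholder).

# Step 1 (MikroTik side): register the NPS server as the RADIUS server for
# wireless authentication and accounting. The same secret must be entered
# in the NPS "RADIUS Clients" entry created for this access point's IP.
/radius add service=wireless address=10.0.0.10 secret=CHANGE-ME timeout=3s

# Step 2: WPA2-Enterprise security profile. eap-methods=passthrough forwards
# the EAP exchange to NPS, so the user's AD login/password is checked there;
# radius-eap-accounting=yes sends Accounting-Start/Stop, which is what lets
# NPS log "who held which IP/MAC, and when".
/interface wireless security-profiles add name=wpa2-eap mode=dynamic-keys \
    authentication-types=wpa2-eap eap-methods=passthrough \
    radius-eap-accounting=yes unicast-ciphers=aes-ccm group-ciphers=aes-ccm
/interface wireless set wlan1 security-profile=wpa2-eap ssid=office-corp

# Step 3: transparent proxy. HTTP from the Wi-Fi segment is redirected to
# squid, so no browser configuration is needed on personal devices. Caveat:
# squid then sees plain connections, not proxy logins, and NTLM proxy auth
# does not work in intercept mode; per-user attribution therefore comes from
# the NPS accounting log (user -> IP/MAC) joined with squid's access.log
# (IP -> URL), not from squid's own auth.
/ip firewall nat add chain=dstnat in-interface=wlan1 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=10.0.0.20 to-ports=3128

# Log RADIUS and wireless events on the point itself too, so a rejected login
# is visible in /log without opening the NPS event viewer.
/system logging add topics=radius,wireless action=memory
```

Roaming later only needs the same security profile and SSID on each additional point, each registered as its own RADIUS client in NPS.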
Ready-made solution: Kerio Control. It takes accounts from AD, keeps logs, and manages policies. A nice all-in-one.
Rustic roaming: configure the same SSID on the points. Non-rustic usually means buying a proprietary solution (points plus controller) from one of the vendors.
In total, you allocate a server with two network cards, one "to the world" and the second to the point, put Kerio on it, and turn off everything (DNS, DHCP, NAT) on the point, leaving just the Wi-Fi-to-Ethernet bridge.