LDS Account Authentication for Accessing Building Internet

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: LDS Account Authentication for Accessing Building Intern

#21

Post by johnshaw »

mrrad... rather members should be encouraged to use their unlimited plans, if they are paying for them. Issues that come up are many times (probably most times) that tablets aren't on people's plans so they want them to connect. I'm on record multiple times as advocating Internet access as a utility, we don't ask people to go home and get a drink, or wear a coat instead of heating a meetinghouse. Unless and Until a meetinghouse has a 10Mbps Down and 1 Mbps Up connection - FMG should be hounded until that is in place (it is the standard rates the church has pre-negotiated with LARGE vendors across the US) it's as close to a standard as we can come. If that amount of bandwidth is not enough, then I'd say we start limiting....

Let's not let the FMG get away with not supplying the standard bandwidth out of a desire to keep their budgets low, or out of ignorance. OR we need to find a way that stakes can supplement the $$ differences.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: LDS Account Authentication for Accessing Building Intern

#22

Post by russellhltn »

JohnShaw wrote:Let's not let the FMG get away with not supplying the standard bandwidth out of a desire to keep their budgets low, or out of ignorance. OR we need to find a way that stakes can supplement the $$ differences.
I think you're assuming that it's just a phone call to the existing provider. Some places just are not in a location where they can get fast Internet at anything approaching a reasonable price.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: LDS Account Authentication for Accessing Building Intern

#23

Post by johnshaw »

No assumptions here... you are right that some might not, but in 80% of my meetinghouses (there are 9 in my stake which is EXTREMELY RURAL) it isn't a matter of availability - EACH and EVERY month all over the country places that didn't have better access do... all those taxes the entire nation pays are funding rural wireless/fiber networks... In the last 2 years I've gone from barely a DSL line to having 25Mbps U/D available to meetinghouses in the middle of nowhere.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense
User avatar
gregwanderson
Senior Member
Posts: 702
Joined: Thu Apr 15, 2010 10:34 pm
Location: Huntsville, UT, USA

Re: LDS Account Authentication for Accessing Building Intern

#24

Post by gregwanderson »

russellhltn wrote:Ok, what if a ward council meeting is having a problem using the on-line tools because there's no bandwidth left?
We're going in circles, I think, because if you let people know about the potential problem they will cooperate (...something along the lines of "teach them correct principles" etc.). Those who are clever enough to connect to a wi-fi network will be clever enough to activate their device's "airplane mode" too. Make an announcement two or three times a month in each ward for two or three months. "Please use airplane mode on your wi-fi device until you actually need LDSAccess and then please re-engage airplane mode when you finish."

In our building, the LDSAccess system is less than one year old. We've not yet reached the point where meetings rely on the Internet so much that they'll grind to a halt if the Internet is down. Five years from now, perhaps the building's wi-fi network will be as robust as the free wi-fi at Burger King. We'll get a kick out of the way we were arguing about lack of bandwidth way back in 2013.
mikefackrell
New Member
Posts: 3
Joined: Sat Jan 29, 2011 2:01 pm

Re: LDS Account Authentication for Accessing Building Intern

#25

Post by mikefackrell »

We use a cheap PfSense box with captive portal to conserve bandwidth in our buildings. Each building also has a media server with the come follow me videos so members can stream that content locally on the lan, NO internet bandwith is used at all. PfSense box does go behind the church firewall so it is "legal". We had our own AP's in the buildings and they are not hooked up to the 881 directly so we can control the security on those devices (not sure how this would work with cisco ap's but ours were much cheaper). It is actually an open network so all can connect but limits access to internet bandwidth. PfSense allows for user name and password for internet access as well as vouchers that can be used for temporary 2hr access for teachers. We have been using it for about 1 year and it is doing very well. We are in the process of improving it and making it easier to administrate (not that it was too difficult). Oh and we never have any dhcp lease problems, PfSense takes care of that too! You can also whitelist devices so your bishops and stake presidency and aux presidencies don't need to sign in at all ... it just works for them and that is what they need! There is even bandwidth limiting and monitoring ... I could go on and on...
pbarnsley
New Member
Posts: 10
Joined: Sun Mar 17, 2013 10:47 am

Re: LDS Account Authentication for Accessing Building Intern

#26

Post by pbarnsley »

Looks like mike knows his stuff there, it really frustrates me that the church doesn't seem to have the technical staff capable of implementing good tech.

I am guessing the original WiFi signin project failed because the church didn't want to drop radius servers on their network and effectively create user accounts for every member.

I personally like mikes suggestion of the captive portal. Though the admin overhead he has created with the vouchers does seem a bit OTT to me ;)

You could also do it using a connection policy where church devices auth with a cert, only church devices would be allowed on to the full lan with unlimited bandwidth. You could also enforce policies such as up to date Av and patching before the device can fully connect.Everyone else would be dropped into a dmz, where you would set appropriate policies around access and bandwidth. Simple.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: LDS Account Authentication for Accessing Building Intern

#27

Post by russellhltn »

pbarnsley wrote:You could also do it using a connection policy where church devices auth with a cert, only church devices would be allowed on to the full lan with unlimited bandwidth. You could also enforce policies such as up to date Av and patching before the device can fully connect.Everyone else would be dropped into a dmz, where you would set appropriate policies around access and bandwidth. Simple.
I'll let you tell the bishop that his private device isn't a church machine and so it's limited. Or alternatively, that you get to revoke the certificate of someone who has been released. :rolleyes:
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
pbarnsley
New Member
Posts: 10
Joined: Sun Mar 17, 2013 10:47 am

Re: LDS Account Authentication for Accessing Building Intern

#28

Post by pbarnsley »

I would quite happily do that. Most bishops I know are nice reasonable chaps, if one has a bit of a god complex that is his problem ;) I am sure they would understand that the church was just taking precautions, and as this would come down from the top I'm sure he would oblige.

I may not have been clear though, only church devices would be given the cert. A bishops own tablet or phone would not, he would be "limited" to the church websites..... no more facebooking during boring talks ;)
Post Reply

Return to “Meetinghouse Internet”