Wireless access with LDS Account

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Wireless access with LDS Account

Postby harddrive » Fri Aug 12, 2011 11:12 am

I have recently read about the wireless access in buildings will be governed by the user account. I currently have 3 buildings that do not have Cisco Wireless Access points (WAP).

Two of the locations were donated and the third was purchase. My question is how is the access going to be done? Is it going to be a radius server or something else handling the request?

also how will the wireless know to access the account? I need to be able to set up my other buildings wireless access points to be able to do the same. I want to do some research so that when it is time to make the change, I can do it fairly easily.

thanks for the help
Terry

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Fri Aug 12, 2011 11:28 am

My understanding is that it will be done at the firewall. So it will affect both wired and wirelesss. I'm not sure how that's going to work with FHC computers. Some access will be "free" and not require a login. That should take care of the Admin computers.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Fri Aug 12, 2011 11:30 am

RussellHltn wrote:My understanding is that it will be done at the firewall. So it will affect both wired and wirelesss. I'm not sure how that's going to work with FHC computers. Some access will be "free" and not require a login. That should take care of the Admin computers.


Ok Russell, but the next question is will the user still need to have the SSID and the passcode to get on the wireless? That is the real question.

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Fri Aug 12, 2011 11:41 am

harddrive wrote:Ok Russell, but the next question is will the user still need to have the SSID and the passcode to get on the wireless? That is the real question.


No. Wireless will be "open".
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
johnshaw
Senior Member
Posts: 1839
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Fri Aug 12, 2011 1:08 pm

RussellHltn wrote:My understanding is that it will be done at the firewall. So it will affect both wired and wirelesss. I'm not sure how that's going to work with FHC computers. Some access will be "free" and not require a login. That should take care of the Admin computers.


Russell, I think I've seen this now twice from you, where did this information come from, because it doesn't like a good direction to go... it would REQUIRE a generic username/password for static devices, or creating a unique username/password combo for devices or assigning reservations, all of which becomes a bear just to manage... I'm hoping this is not the case...

User avatar
matthewehle
New Member
Posts: 16
Joined: Fri Aug 12, 2011 1:07 pm
Location: Riverton, Utah

Postby matthewehle » Fri Aug 12, 2011 1:16 pm

The technical details are still being worked out, but the login will be accomplished at the firewall. It will be done with a combination of the access management technologies that are already used for many of the LDS sites, combined with some in-house development work.

Nearly all of the configuration will be already built into an appliance that is sent to the meetinghouses, and it is intended to be a very simple installation and shouldn't require much preparation. Of course, time will tell if this is really the case!

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Fri Aug 12, 2011 1:16 pm

JohnShaw wrote:Russell, I think I've seen this now twice from you, where did this information come from, because it doesn't like a good direction to go... it would REQUIRE a generic username/password for static devices, or creating a unique username/password combo for devices or assigning reservations, all of which becomes a bear just to manage... I'm hoping this is not the case...


The information was presented in the regional meetings held back in May with Stake Technology Specialists. It was a bit sketchy, and you could tell that they did not have all the implementation details worked out. But at least in my meeting they were quite definite in saying that it would be done at the firewall and thus would affect both wired and wireless connections.

However, that doesn't necessary mean that static devices would "REQUIRE a generic username/password" -- I can certainly imagine implementations (such as configuring exceptions for static IPs) that would not have such a requirement.

I understand the desire to be ahead of the curve for changes, but I think we should wait for more details about the actual implementation before we get too concerned about implementation challenges that we imagine might be a problem.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

russellhltn
Community Administrator
Posts: 20781
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Fri Aug 12, 2011 1:37 pm

JohnShaw wrote:it would REQUIRE a generic username/password for static devices, or creating a unique username/password combo for devices or assigning reservations, all of which becomes a bear just to manage


Why? Other then FHC computers (which I have a question about), what else needs "general" access to the Internet? Not MLS - as long as the MLS server is in the "free" zone.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
matthewehle
New Member
Posts: 16
Joined: Fri Aug 12, 2011 1:07 pm
Location: Riverton, Utah

Postby matthewehle » Fri Aug 12, 2011 2:43 pm

aebrown wrote:The information was presented in the regional meetings held back in May with Stake Technology Specialists. It was a bit sketchy, and you could tell that they did not have all the implementation details worked out. But at least in my meeting they were quite definite in saying that it would be done at the firewall and thus would affect both wired and wireless connections.


This is true. I know several vendors were considered, and they all worked by providing a captive portal functionality. I can't say for sure whether this affects both wired and wireless connections, as I'm not involved in that part of the project.

aebrown wrote:However, that doesn't necessary mean that static devices would "REQUIRE a generic username/password" -- I can certainly imagine implementations (such as configuring exceptions for static IPs) that would not have such a requirement.

I guess I would have to wonder why static devices need special treatment at all. Certain sites and network locations don't require a login, so you wouldn't need to do anything special for administrative functions. If you wanted to access the general internet, even on a meetinghouse computer, it seems reasonable that you would have to log in (accountability and all that).

Again, I'm not involved in that specific part of the project, so I'm just giving my opinion on that particular question.

aebrown wrote:I understand the desire to be ahead of the curve for changes, but I think we should wait for more details about the actual implementation before we get too concerned about implementation challenges that we imagine might be a problem.


Exactly. We will launch a pilot for certain locations in the near future, so we can hopefully work out potential issues. As I mentioned earlier, I know that one of the goals is to make this as painless as possible for individual facilities.

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Fri Aug 12, 2011 7:17 pm

RussellHltn wrote:No. Wireless will be "open".


So LDSAccess will be out there, but there will not be a passcode to access the wireless. I will have to look into making a wireless connection open and unsecure.

I can also see that this could be dangerous because of the computers on the network will be available to be connected to especially if they are using shares. So we will need to make sure that the computers are "locked" down.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest