Wireless access with LDS Account

harddrive · #1

I have recently read about the wireless access in buildings will be governed by the user account. I currently have 3 buildings that do not have Cisco Wireless Access points (WAP).

Two of the locations were donated and the third was purchase. My question is how is the access going to be done? Is it going to be a radius server or something else handling the request?

also how will the wireless know to access the account? I need to be able to set up my other buildings wireless access points to be able to do the same. I want to do some research so that when it is time to make the change, I can do it fairly easily.

thanks for the help
Terry

russellhltn · #2

My understanding is that it will be done at the firewall. So it will affect both wired and wirelesss. I'm not sure how that's going to work with FHC computers. Some access will be "free" and not require a login. That should take care of the Admin computers.

harddrive · #3

RussellHltn wrote:My understanding is that it will be done at the firewall. So it will affect both wired and wirelesss. I'm not sure how that's going to work with FHC computers. Some access will be "free" and not require a login. That should take care of the Admin computers.

Ok Russell, but the next question is will the user still need to have the SSID and the passcode to get on the wireless? That is the real question.

russellhltn · #4

harddrive wrote:Ok Russell, but the next question is will the user still need to have the SSID and the passcode to get on the wireless? That is the real question.

No. Wireless will be "open".

johnshaw · #5

RussellHltn wrote:My understanding is that it will be done at the firewall. So it will affect both wired and wirelesss. I'm not sure how that's going to work with FHC computers. Some access will be "free" and not require a login. That should take care of the Admin computers.

Russell, I think I've seen this now twice from you, where did this information come from, because it doesn't like a good direction to go... it would REQUIRE a generic username/password for static devices, or creating a unique username/password combo for devices or assigning reservations, all of which becomes a bear just to manage... I'm hoping this is not the case...

MatthewEhle · #6

The technical details are still being worked out, but the login will be accomplished at the firewall. It will be done with a combination of the access management technologies that are already used for many of the LDS sites, combined with some in-house development work.

Nearly all of the configuration will be already built into an appliance that is sent to the meetinghouses, and it is intended to be a very simple installation and shouldn't require much preparation. Of course, time will tell if this is really the case!

aebrown · #7

JohnShaw wrote:Russell, I think I've seen this now twice from you, where did this information come from, because it doesn't like a good direction to go... it would REQUIRE a generic username/password for static devices, or creating a unique username/password combo for devices or assigning reservations, all of which becomes a bear just to manage... I'm hoping this is not the case...

The information was presented in the regional meetings held back in May with Stake Technology Specialists. It was a bit sketchy, and you could tell that they did not have all the implementation details worked out. But at least in my meeting they were quite definite in saying that it would be done at the firewall and thus would affect both wired and wireless connections.

However, that doesn't necessary mean that static devices would "REQUIRE a generic username/password" -- I can certainly imagine implementations (such as configuring exceptions for static IPs) that would not have such a requirement.

I understand the desire to be ahead of the curve for changes, but I think we should wait for more details about the actual implementation before we get too concerned about implementation challenges that we imagine might be a problem.

russellhltn · #8

JohnShaw wrote:it would REQUIRE a generic username/password for static devices, or creating a unique username/password combo for devices or assigning reservations, all of which becomes a bear just to manage

Why? Other then FHC computers (which I have a question about), what else needs "general" access to the Internet? Not MLS - as long as the MLS server is in the "free" zone.

MatthewEhle · #9

aebrown wrote:The information was presented in the regional meetings held back in May with Stake Technology Specialists. It was a bit sketchy, and you could tell that they did not have all the implementation details worked out. But at least in my meeting they were quite definite in saying that it would be done at the firewall and thus would affect both wired and wireless connections.

This is true. I know several vendors were considered, and they all worked by providing a captive portal functionality. I can't say for sure whether this affects both wired and wireless connections, as I'm not involved in that part of the project.

aebrown wrote:However, that doesn't necessary mean that static devices would "REQUIRE a generic username/password" -- I can certainly imagine implementations (such as configuring exceptions for static IPs) that would not have such a requirement.

I guess I would have to wonder why static devices need special treatment at all. Certain sites and network locations don't require a login, so you wouldn't need to do anything special for administrative functions. If you wanted to access the general internet, even on a meetinghouse computer, it seems reasonable that you would have to log in (accountability and all that).

Again, I'm not involved in that specific part of the project, so I'm just giving my opinion on that particular question.

aebrown wrote:I understand the desire to be ahead of the curve for changes, but I think we should wait for more details about the actual implementation before we get too concerned about implementation challenges that we imagine might be a problem.

Exactly. We will launch a pilot for certain locations in the near future, so we can hopefully work out potential issues. As I mentioned earlier, I know that one of the goals is to make this as painless as possible for individual facilities.

harddrive · #10

RussellHltn wrote:No. Wireless will be "open".

So LDSAccess will be out there, but there will not be a passcode to access the wireless. I will have to look into making a wireless connection open and unsecure.

I can also see that this could be dangerous because of the computers on the network will be available to be connected to especially if they are using shares. So we will need to make sure that the computers are "locked" down.