This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BYOD - SSO RADIUS Possible?

I've looked at this support article: How to use RADIUS Authentication: Astaro Security Gateway/Sophos UTM

My understanding is that is just for getting back end user memberships and would not authenticate client side.

What we want to do is have our BYOD network clients authenticate with our UTM via their already typed in RADIUS credentials. This may not even be possible (i.e. not very familiar with RADIUS), or it may not be possible with version 9.208 (thus requiring a feature).

Currently we use the browser auth but this is not ideal. Thoughts? Obviously a key factor is that our users don't have to install anything, join the domain, or enter too many settings. The only other solution I can see is having them manually specify proxy settings with a username/password.

This thread was automatically locked due to age.

Parents

0 brendan.daniel over 8 years ago

Hey all,

Sorry to drag up the old thread again but it seems we have a development on this. 9.4 contains STAS which, from what I understand, helps with SSO. However, it mentions that this is only for domain joined machines.

Does anyone know if this will help with the authentication of BYOD (Guest) clients in our network?

Brendan
Cancel
Vote Up 0 Vote Down

Cancel
0 vilic over 8 years ago in reply to brendan.daniel

STAS will only work for clients that are member of Active Directory domain, because the service is tightly integrated with domain controller security log for reading logon/logoff events.
Cancel
Vote Up 0 Vote Down

Cancel
0 brendan.daniel over 8 years ago in reply to vilic

What about if the BYOD clients are authenticating via radius against the domain controllers?
Cancel
Vote Up 0 Vote Down

Cancel
0 brendan.daniel over 8 years ago in reply to vilic

Has anyone tried STAS for users authenticating via RADIUS?
Cancel
Vote Up 0 Vote Down

Cancel
0 colly72 over 8 years ago in reply to brendan.daniel

I'm trying to achieve the same thing. Did you ever get anywhere with this?
Cancel
Vote Up 0 Vote Down

Cancel
0 brendan.daniel over 8 years ago in reply to colly72

I have asked Sophos Support and they ignored the question and moved on to closing the job. I also had a direct email conversation with Aus support manager about a few things, I asked him directly if this was able to achieve authentication for BYOD users via Radius and he didn't reply to that email, never heard back from him...

Other firewall providers have been doing this for quite some time. Meru (our wireless provider) couldn't believe Sophos don't do this already. Lucky our firewalls are up for renewal, a chance to look at the competition...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 brendan.daniel over 8 years ago in reply to colly72

I have asked Sophos Support and they ignored the question and moved on to closing the job. I also had a direct email conversation with Aus support manager about a few things, I asked him directly if this was able to achieve authentication for BYOD users via Radius and he didn't reply to that email, never heard back from him...

Other firewall providers have been doing this for quite some time. Meru (our wireless provider) couldn't believe Sophos don't do this already. Lucky our firewalls are up for renewal, a chance to look at the competition...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data