This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BYOD - SSO RADIUS Possible?

I've looked at this support article: How to use RADIUS Authentication: Astaro Security Gateway/Sophos UTM

My understanding is that is just for getting back end user memberships and would not authenticate client side.

What we want to do is have our BYOD network clients authenticate with our UTM via their already typed in RADIUS credentials. This may not even be possible (i.e. not very familiar with RADIUS), or it may not be possible with version 9.208 (thus requiring a feature).

Currently we use the browser auth but this is not ideal. Thoughts? Obviously a key factor is that our users don't have to install anything, join the domain, or enter too many settings. The only other solution I can see is having them manually specify proxy settings with a username/password.


This thread was automatically locked due to age.
Parents Reply Children
  • Did you ever get this to work? 

  • We have a setup similar to this.

    Corporate & Guest using Cisco Routers/switches etc & Ubiquiti UAP Pro's. Our corporate devices using machine authentication. Our guests use user authentication. Both from AD. This allows our users to use the same password as they use to logon to the network so they only need to remember one password.

    Their devices are isolated via vlans and ACL's. Only corporate devices can get onto the corporate network due to machine authenticaton. So even though the user knows the password to authenticate on the corporate network, they can't get on unless we have specifically allowed the pc, laptop on.

    You need two profiles on the radius server CORP (machine authentication) & GUEST (user authenication) with machines/users placed in the various profiles/groups.
    CORP profile is 1st in list as users will drop straight through this to GUEST profile

  • It works with Cloudpath ES & Ruckus AP's forwarding accounting info on to our XG firewall. Never ended up being supported on UTM as far as I know.

  • This article helped:

    community.sophos.com/.../131580

    On the Ruckus ZoneDirector WLC you need to enable accounting on a per-WLAN basis which is not enabled by default.

  • Guys, this is the UTM Community.  That this is possible with Cyberoam/XG is interesting though.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA