# centralized authentication for decentralised Internet access



## patrick101 (Sep 12, 2009)

The organization has 4 sites where they have a small computer lab/workspace with DSL (at each site) for accessing the Internet. DSL services are from commercial ISPs. There are visitors going into each site and staying some time for their research work. Each site has a number of its own desktops (Windows XP/Vista machines) and the visitors also use their own laptops to access the Internet. A wireless network is set up at each workspace and is protected with WEP (WPA). There are no (Windows) domains or servers at these four locations. The visitors are given the WEP key (over the phone) for them to access the wireless and hence the Internet.

I wish to implement a solution where authentication is centralised at their main office (5th site). The visitors generally come to the main office first before going to other satellite sites. All they need access to is the Internet. Such a centralized solution will also let the organization monitor/log usage (once a visitor managed to burn the entire monthly DSL quota in 2 days and the organisation could not identify the exact person who was responsible for it). The sites are basically functioning with very minimal staff/administrative supervision.

Wireless Access Points have been recently upgraded with D-Link 3200APs, which can talk to a RADIUS server.

Is it possible for a RADIUS server to be kept at the central office for authentication & accounting though the 4 satellite sites have their own private subnets? What (cost effective) options do I have for this scenario?


----------



## L8ians (Sep 15, 2008)

Hi,

Configure the DWL-3200AP to authenticate via a RADIUS server.

For the RADIUS server IP address, enter the WAN (public) IP address of the main office where you have the RADIUS server.

In the main office router, forward a port to the RADIUS server IP address, so any request for authentication to the main office public IP address will be forwarded to the RADIUS server.

I believe that the server which is acting as the RADIUS server should also be an ADS (domain) server for authentication.

Create different users on the ADS server for authentication so that each session will be recorded.

Also, you can identify when a particular user started the session as well as closed it.


Hope this will help you.....


----------
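As an added example (not part of either post, and not code from any product named in the thread): a sketch of the per-user usage logging the thread is after, summing RADIUS accounting Stop records by site and user. It assumes the server writes accounting records in the FreeRADIUS detail-file layout and that each access point sends a distinct NAS-Identifier; the sample records, site names and user names are constructed.

```python
from collections import defaultdict

# Constructed sample records, assumed to be in FreeRADIUS "detail" layout.
SAMPLE = """\
Sat Sep 12 09:00:00 2009
\tUser-Name = "visitor01"
\tNAS-Identifier = "site-a-ap"
\tAcct-Status-Type = Start

Sat Sep 12 17:30:00 2009
\tUser-Name = "visitor01"
\tNAS-Identifier = "site-a-ap"
\tAcct-Status-Type = Stop
\tAcct-Input-Octets = 1000
\tAcct-Output-Octets = 2000
\tAcct-Output-Gigawords = 1

Sat Sep 12 10:10:00 2009
\tUser-Name = "visitor02"
\tNAS-Identifier = "site-b-ap"
\tAcct-Status-Type = Stop
\tAcct-Input-Octets = 500
\tAcct-Output-Octets = 1500
"""

def parse_records(text):
    """Yield one attribute dict per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines()[1:]:      # first line is the timestamp
            name, sep, value = line.strip().partition(" = ")
            if sep:
                rec[name] = value.strip('"')
        yield rec

def usage_by_user(text):
    """Total octets from Stop records, keyed by (site, user)."""
    totals = defaultdict(int)
    for rec in parse_records(text):
        if rec.get("Acct-Status-Type") != "Stop":
            continue                              # Start records carry no counters
        key = (rec.get("NAS-Identifier", "?"), rec.get("User-Name", "?"))
        for d in ("Input", "Output"):
            totals[key] += int(rec.get(f"Acct-{d}-Octets", 0))
            totals[key] += int(rec.get(f"Acct-{d}-Gigawords", 0)) << 32  # 32-bit counter wraps
    return dict(totals)

def over_quota(text, limit_octets):
    """Return (site, user, octets) for every total above the limit."""
    return [(s, u, n) for (s, u), n in usage_by_user(text).items() if n > limit_octets]
```

Keying on NAS-Identifier rather than NAS-IP-Address keeps the sites apart even when their private subnets overlap.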

