Wifi on the domain network

anything I don't mind · 5 Mar 2014 at 12:03

If we add wifi to the domain network what would be the recommended configuration? The reason for adding it to the domain network is so that we can use training laptops and work laptops in the meeting rooms without cables. So they will need full access to the internal servers from the wifi network otherwise there is no point.

anything I don't mind · 5 Mar 2014 at 12:20

It is a law firm with 100 users. There is no payment systems on site, but accounts department and systems does sit within that domain.

Traditionally I am against adding wifi to the domain network because i know how insecure wifi can be and see it as hanging a network cable out the window. But it would make life a lot easier for training and meeting rooms.

If i wanted to put the wifi on to a vlan but still allow it to access the servers, how would that be any more useful than putting it on the main vlan?

anything I don't mind · 6 Mar 2014 at 12:44

If you have a wifi with radius and ad auth, how would a user log in to a laptop if they have not authenticated on to the wireless yet. If they can not log in as they don't have domain access. IF we take the laptops off the domain then that defeats the point of connecting them to the domain network.

How do you get around this problem? i know in gpo you can set an option that allows cache creds to work if AD connection is down, but seems bad idea to rely on that. As new users may want to log in to a shared laptop with their roaming profile.

I should add we already have a wifi network but that is on its own isolated network.

anything I don't mind · 6 Mar 2014 at 14:02

I am not with you. If we have a laptop that is on the domain and working ok. Then say we shut it down and start it up again and want to connect it to the wifi but we cant log in to the laptop/domain because its not on the network until we can connect to the wifi. Which we can't can't do because the laptop cant log in to the domain without it being on the domain network.

anything I don't mind · 6 Mar 2014 at 14:05

How so? It will have to authenticate the user details to the domain, which it can't reach because its not on the wifi yet as we havn't logged in. Unless you are saying use a local user account to connect to the laptop, then what's the point of it being on the domain network?

anything I don't mind · 6 Mar 2014 at 16:43

ok thanks caged, i see, you have to specifically add the computer accounts to the radius server.