Wireless authentication with DD-WRT, Cisco and Microsoft

Winski Tech asked:

I’m looking for a way to authenticate my wireless users beyond them just knowing the wireless password. Ideally they would join the access point then get dumped to the login portal that they’d have to log in with their current user name and password, which would get checked against AD.

Additionally, I’d be looking for two features: 1) That users could be “remembered” for 30 days (or some period of time) so they don’t need to log in every time they want to use wireless 2) Somehow we could lock users out through some action in AD

My access points are Buffalo routers running DD-WRT. I have mostly Windows 7 machines and servers running Server 2008 r2. In addition I have a Cisco router and ASA firewall.

Can this be done with the equipment I have? I looked at a few “captive portals” for DD-WRT but they seem outdated.

Any help is appreciated.

My answer:


You want Network Policy Server, which provides a RADIUS server (which you then configure your wireless access points to use) and will require users connecting to Wi-Fi to log in with their AD credentials. This is a standard Windows Server feature you can install from Server Manager or PowerShell.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.