Enabling WIFI setup on network requiring an Account Name and Password

Hello,

I'm trying to get several Brightsigns on our network. During initial tests at home, it worked perfectly as all that was required was the SSID and password. The issue is at work, the employee network requires inputting an account name in addition to the SSID. The account name then uses a unique password tied specifically to my account name. Checking the network settings on the Brightsign, there's no place to put an account name.

Additionally, we also have a public network that uses a capture portal login. I asked IT if there's a way to get the MAC addresses of the Brightsigns listed in a way to bypass this and they said it isn't possible.

Is there some script available that would allow me to input my account name credentials? Is there a way for a Brightsign to bypass the capture portal login?

Thanks!

5 comments

  • Bright Scripters

    MAC based whitelisting/provisioning seems like a good direction to take.

  • Ken Campbell

    By “account name”, are you referring to WPA Enterprise (WPA/WPA2-802.1x)? Have a look at the Network Authentication section on the following page:

    https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370673153/roNetworkConfiguration#roNetworkConfiguration-NetworkAuthentication

    As long as you don’t need access to internally hosted resources, an alternative approach is to ask your IT group to create an additional SSID with non-captive public internet access for your exclusive use. Enterprise-grade access points can have multiple SSIDs, each with their own configuration and rule-set. The new SSID can be hidden (or not), use a different IP range or DHCP pool, have traffic shaping, be set up for VLAN tagged traffic (which Brightsigns support), MAC filtering, etc.

    Having IT’s buy-in and support is important, but getting it is different for every organization. If there’s resistance to the above suggestion, I’d try asking them to propose a solution or make recommendations that you can work with.

    Ken

  • Ken Campbell

    You probably won’t be able to bypass the captive portal, but you could use the HTML Widget’s JavaScript injection feature + some jQuery to automatically click through it.

    I wouldn’t recommend this approach though, not until you exhaust all other courses of action, as it’s a bit of a hack. If the portal has a time-limit, you’d have to figure out a way to deal with that…

  • ElGatoVolador

    Hi Ken!

    It seems like that's the route I probably have to head. I spoke with IT and unfortunately, there's a lot of politics regarding the IT system as we're an arts institution connected to a private university, and currently, the entire network is transitioning from a WPA2 run by the institution to a separate network run by the university. I already spoke with the IT team about this as a possibility.

    Is there a reason why Brightsigns don't have the ability for account names for WPA2 networks? It seems like the places that will be doing complex Brightsign programming would benefit from it. I also spoke with the IT team, and unfortunately the network doesn't allow whitelisting the device.

  • Ken Campbell

    I'm still unclear on what you're referring to when you say "account name". From the Brightsign support document I linked to earlier:

    "WPA Enterprise is supported using EAP-TLS (with DER, PEM, or PKCS#12 certificates) and PEAPv0/MSCHAPv2 (with a username and passphrase). Wired authentication via 802.1x is also supported."

    Have a look at the following, and perhaps run the supported options by your IT department:

    BrightAuthor -> Tools -> Setup Brightsign Unit -> Advanced Network Setup and then enable Network Authentication on either the Wired or Wireless tab.

    Maybe look into the EAP-TLS suite of protocols with a certificate as an alternative? I'm a bit rusty on this, not something I've worked with in a long time, so I can't offer anything more on the topic.

    Ken