Corporate networks use AD mostly to authenticate users - in that desktop machines require signing in to a Windows domain - which is centrally managed/universal.

Now, if I had an iPad and I brought it into work, I wanted to be able to sign in to my AD so that if I type http://internal.link into my iPad browser, it would resolve just like it would on a Windows desktop machine inside that corporate network.

To do this, I presume that the iPad will discover the company wifi network, and I would like to sign in to that wifi using my corporate AD credentials. This leads me to my questions:

  • How can a wifi network tie itself to Active Directory, granting sessions only to properly authenticated AD users? Do I need to purchase particular wifi routers or do anything specific on the AD side?
  • If I was to sign in successfully somehow using my AD credentials, I will then have use of the company wifi - with accompanying access privileges to resolve internal-only URLs. What would it then take to get my iPad browser to enjoy features that are available to corporate IE users such as SSO (seamless sign on)? At worst, would an application at http://internal.link simply prompt me to sign in again with my AD credentials?
Amit Kothari

2 Answers

You're talking about two different technologies here:

  • AD is used to identify individual users on the network. It's for authentication and authorization.
  • DNS is used to resolve the hostnames of internal applications. I.E.: http://internal.link resolves to 10.0.0.5

With that said, your work probably has some sort of wireless authentication mechanism. I've never heard of them using AD for that, but I suppose it's possible. You need to get on the work's wifi. Once there, your iPad will either pick up its DNS server settings from the network via DHCP, or you will have to manually configure them (most wifi networks use DHCP these days).

Assuming you are successful in getting on the Wi-Fi, and assuming that your DNS servers are established (via DHCP or otherwise), you should be able to hit any internal site from the iPad as long as the wifi network has access to those internal sites. There are various reasons that it wouldn't (i.e. firewalls, etc.). The internal site, if it's using AD/NTLM, will ask you for credentials when you first visit it. You can usually just supply your AD username and password, and it will work fine.

Scott Arrington
  • Yep, good points. Is there any way of "remembering" details for the purposes of signing in? Or to take it one step further - is there an emulation of single sign on for Windows networks (which IE does) on Safari/iPad? – Amit Kothari Jan 09 '13 at 17:01
  • You said: "I've never heard of them using AD for that, but I suppose it's possible." I have to add that my company does it this way. To log on to the wireless network you have to be previously logged in to the Active Directory through a wired connection, at least the first time. The rest of the time, the password updates are made and refreshed in the wireless connection as well. – Raul Luna Jul 11 '13 at 09:09

I would ask your sys admin; he/she will tell you in a second. Even though it is set up with AD, and that is rather common, there are many possibilities for setup, and it is most likely not set up over wireless.

sauce