Hi folks, I was wondering if any of you could give me some insight on Funk’s Odyssey Client (http://www.funk.com/radius/wlan/wlan_c_radius.asp). How does it work in your environment, Cost, user experiences with the client and overall effectiveness.

I have a customer that is currently using it before I walked in the door however it’s not working up to their expectations due to NT authentication issues and users logging into clients when they don’t already have cached credentials on that client.

Any and all insight or experiences with the application would be appreciated.

Thanks.

Planet…

I have no personal experience whatsoever with Funk's client software, but I wanted to make sure and compliment you on that subject line. I've come close to using something similar on 802.1X news stories, but could never bring myself to go through with it...

Thanks Eric.

I’m sure someone here is using it.

The main issue we’re having with it is the inability for a new user to log into the machines that do not have an existing account on them for that particular user.

The customer has a domain that uses domain authentication on the clients to gain access to the network. The issue seems to be with the Odyssey client not starting until after the Windows authentication process has begun, thus requiring a user to log into the machine initially using cached credentials in order to authenticate and allow windows (WXP) to continue loading for the first time and create the account on the machine. However when someone who has never used the machine attempts to login over the wifi connection it fails because the Odyssey client did not yet start and grab an IP from the AP so the authentication process never has a chance to complete. The user then has to plug a cat5 into the “old fashion style” wall jack :)  in order to get an IP address, enter their credentials into the NT login box and allow the authentication process to complete thus creating the locally cached profile and all that jive…

It’s quite the conundrum. :confused:

Using:
2003 domain server
WXP clients
Funk Odyssey client 3.0

Planet, we had a similar issue with the way our network is setup. I believe this is no longer a problem with Funk Oddysey v4.0 however we ended up switching to a program called AEGIS from a company called Meetinghouse (http://www.mtghouse.com/products/aegisclient/index.shtml) . Using that and the Dell Truemobile 1450 minipci card we no longer have an issue with new users logging into the network.

Hope it helps.

Hey that’s great. I'm looking into it now but I don’t know if they'll want to redo everything after they've already paid for the licenses and all but I would think that the original license would cover upgrades to the Odyssey client so I will check that first.

They will also want to have the ability to stay authenticated to the network while roaming around the building from room to room thus AP to AP. I'm certain that this will present a host of other issues as well :eek:

Planet...

I had been a client on a network using Funk. I had it on my wireless PDA. I was not involved with the setup but from what I heard they had a great deal of problems with the CA. The client software would not accept a certificate signed by the issuing CA. I hope this helps.

Thanks MM, I'm finding there to be a serious lack of support from these folks. I did download the latest version as Frozone had mentioned (thanks!) however it wont accept the current licensing info so it looks like these folks are going to have to spend some more money unless I can figure something else out.

They’re talking about possibly upgrading to XP which from what I understand includes the AEGIS protocol. I also heard from a partner that XP has some kind of bug (go figure!) where as when connected over the wifi and roaming from AP to AP the client disconnects and must then be reauthenticated however there is a beta hotfix available by calling Microsoft. Re-authenticating every time they roam to another AP just will not work. They have several applications (AS400, Hyperion, Drive mappings, etc…) that will drop out if the connection fails.

I really wish this stuff didn’t have to be that complicated. I mean, this simply can not be the only company that would like to have laptops roaming around their campus connected to the network over a wifi connection... or are they?

Thank you guys for all and any insight on this topic.

Many of our customers have cited problems like you mentioned as reasons to evaluate other WLAN security systems, so I suspect it's a pretty widespread problem. 802.1x is nothing if not cumbersome!

Although I am having difficulty setting it up at the moment, I will bring another option to light.

Cranite (http://www.cranite.com/) has a system called WirelessWall. It is a firewall, IDS, and it is the only system that is HIPAA approved. It encrypts at Layer 2, so even those IP addresses are hidden.

Actually, there is no such thing as "HIPAA approved". HIPAA lays out guidelines, but does not certify products. Our system, AirFortress, encrypts at Layer 2 as well, and is quite easy to set up. Every VA hospital (all 167) has an AirFortress to protect patient information, as do several private hospital groups around the country. We meet the HIPAA guidelines as does Cranite.

You learn something new every day. I stand correct, thank you JoeTampa.

AirFortress, well known, well respected and more importantly... solid!

Cranite... how is their support?

Thanks!

I was very pleased with the Cranite support. We just requested a newer version and will be performing an upgrade, so there will likely be some challenges over the next few weeks. But to date I have been very impressed with there support.

MM, how are you guys making out with the Cranite install? Any authentication issues or drop outs?

FroZone:

We finally have made significant head way. The system was initially setup by people who are no longer at the organization and who are not in contact with us. We finally discovered that only one part of the Cranite software had been installed. We have both parts installed and are in the process of configuring.

I will continue to post the progress of the system.

I second the Fortress solution easy to install and maintain and rock solid security.