Header Only - DO NOT REMOVE - Extreme Networks

NAC Manager Portal Web Authentication

  • 9 December 2015
  • 7 replies


We have a NAC installed with Portal and Authenticated Registration.
However, we want to restrict the authenticated users to a single group in LDAP.
We followed the procedure from the video tutorial, with the User Group to End System Mapping but apparently all users from the AD are able to login instead of restricting it to the LDAP group we want.
How can we make that configuration so that only the users from a certain group can login?

Thanks in advance!

7 replies

Userlevel 7

please take a look into this post and let us know whether that solved the problem...


I already looked at that topic, but as Michael Kirchner replied, the Web Authenticated Users don't go by that rule.
The configuration is specific in the Portal Configuration, and we already mapped the user group to end system group but the issue is that it allows all users from all groups.

Userlevel 4
I have done this in the past. What you would want to do is, create a new "Web Authenticated Users" (Name it however you see fit) rule. Once created, there is a gear button above the rules and will let you do advanced ordering. With the advanced ordering you can move your newly created rule above the default "Web Authenticated rule. Just make sure that in your new rule, you have the user group specified as a match criteria.

If you have any other questions about this, ill be more than happy to help
Userlevel 4
Has your issue been resolved? If not, please let us know so that we can get this going for you :)
Hi Joseph,
The issue has been resolved. We created a rule that denies access to users that weren't on the user group before the portal "Web Authenticated Users" rule. Now it works as it should.

Thank you...
Userlevel 4
Sweet deal! good work!

I'm trying to do the same configuration but I have some problem.

I would like to authenticate captive portal users via LDAP, but I cannot.

Have you got some how-to or suggestion?

I haven't found any document that explain how to do this configuration