ExtremeWireless (WiNG)

7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

  • 1.  7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

    Posted 05-23-2017 03:32
    Hi. Is this setup possible? I need help setting this up if this is a possible setup. TIA.


  • 2.  RE: 7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

    Posted 05-23-2017 04:30
    Hi,
    What do you mean by "integrated with AD"? I think you'll do 802.1X with EAP-MSCHAPv2, or will you use the AD to get CLI/GUI access?

    I prefer to use a Windows NPS instead of the internal AAA. But you can also use the internal AAA and refer to an AD group to get access. Is this what you are looking for?

    BR,
    Timo


  • 3.  RE: 7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

    Posted 05-23-2017 17:37
    Ronaldo,

    This is quite a specific design question, but in general - yes, it is possible.

    The AP is capable of both roles - authenticator and authentication server. You may either use LDAP to query the user, or forward EAP-TLS requests to NPS.
    It all depends on the required design.

    Let us know if you need more details.

    Regards,
    Ondrej


  • 4.  RE: 7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

    Posted 05-23-2017 04:30
    The setup goes like this: when the user logs in to his/her AD account, he/she will automatically be connected to the wireless network. The AP will use the user's AD login credentials as authentication. Will this be okay?


  • 5.  RE: 7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

    Posted 05-23-2017 04:30
    Hi,
    That will work. Search for "WiNG 5.X How-To - Active Directory Authentication". This PDF includes all descriptions for the scenario.

    Do you have a PKI? I prefer to provide a private certificate for every AP to secure the authentication. The biggest problem with MSCHAPv2 is that most people disable the certificate validation. Use a trusted certificate or publish the AP certificate to every computer via GPO. Do not disable certificate validation!