Wireless (General)

Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

  • 1.  Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-20-2017 17:54
    Hello, everybody,

    at the moment I have 120 APs and about 12000 users. The employees' SSID has a beautiful authorization web form on the Fortigate firewall; users use their Active Directory credentials and everything works fine, except I can't see the AD accounts of Wi-Fi users in Netsight. This makes me very sad(

    But I have an installation of mighty NAC!

    Is there a step-by-step guide on how to configure NAC to authorize AD users using a web form?

    Could you please share it!

    Many thanks in advance,

    Ilya


  • 2.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-20-2017 18:28
    Why not use RADIUS auth?


  • 3.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-20-2017 19:55
    You'd use the AD and ExtremeControl could query the user accounts via LDAP.

    Could you post a screenshot of the current web login page that is used - I'd like to see how beautiful it is :-)



  • 4.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-21-2017 13:09
    Could you explain a bit more about the deployment?
    What is the security on the WLAN service - is it open/none or WPA PSK or ECP?


  • 5.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-22-2017 01:43
    You'd want to set up an Authenticated Registration portal in NAC. I couldn't find a step-by-step guide but the manual has everything you need. Is the current SSID using PSK?


  • 6.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-22-2017 14:57
    In the NAC portal choose Authenticated Registration. You need to configure AAA to your AD (RADIUS or LDAP). It should be quite straightforward.

    Good luck.

    Z.


  • 7.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-20-2017 18:28
    Hi,
    what do you mean?

    For sure, I could authorize users over Microsoft NPS. But these are enterprise customers; they need a beautiful web page, not just two input strings for login/password.


  • 8.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-20-2017 18:28
    Why's that even a requirement? By utilizing RADIUS auth you can skip the auth webpage; users simply put in their AD credentials for connecting to the SSID. You then have the users available in Identifi/NetSight, and if you enable FSSO polling on the Fortigate you automatically authenticate users for the firewall as well.

    I did this to alleviate double sign-ins.

    http://cookbook.fortinet.com/fsso-polling-mode/



  • 9.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-20-2017 19:55
    It's in Russian, Ron, are you sure?) I'll ask the customer for permission on Monday.

    It would be great if someone posted a link to a guide which will help me configure the web login page in NAC)


  • 10.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-21-2017 13:09
    Hi, Ronald,

    sure!

    This is an open SSID without authorization. When a user connects to the SSID he tries to reach any Internet resource and gets to the Fortigate FG-600, where he is asked for his AD credentials (on the beautiful HTTPS login web page).

    That is it!



  • 11.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-22-2017 01:43
    Hi, James,

    it is an open SSID. I'll try to play with NAC without a guide(

    Thanks!


  • 12.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-22-2017 14:57
    Hello, Pala,

    Unfortunately, I can't find the "Authenticated registrations" menu. I have Netsight 7.

    Where could it be located?





  • 13.  RE: Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

    Posted 10-22-2017 14:57
    Authenticated Registration would be in the portal configurations, in choosing what kind of portal features you are looking for.