Any one know that does Hive-manager support using LDAP for WIFI ssid authentication?
We hate to use radius as hardly to deploy self-sign CA to mobile device.
Or, please advise any alternative method.
Security always stops us to use the right thing in right and not helping people.
We can set up an 802.1x SSID that links to an LDAP server that you have set up, is that what you were looking for?
Then I don't need to setup Radius on that LDPA server and still can use the Ad account for user to connect the SSID without deployin the CA.
Is that right>?
I'm sorry, I'm not sure what you're asking here. You can either link the AP to an external Radius server (using AD and LDAP if you'd like) that you already have set up. Or we can host a Radius server on an AP that uses LDAP and connects to your AD server that you have set up. If the Radius server in use has a certificate (CA), then the client devices will need the certificate as well.
This one, seems the formal deployment need Network policy server for the CA, we don't want to use it but also able to use AD account for the User Authentication.
Might have some procedure document / brief steps to do this thing?
Appreciate your helps.
The Radius server on the AP can use self signed certificates, so no CA is needed. If your external Radius server needs certificates, maybe try giving it the default certificates from the HiveManager? Or possibly ask your Radius support if there is a way to get around using the CA.
I will say if you use the self signed certificates then you'll get a message when users try to connect that tells them the site may not be safe and they'll have to choose to continue browsing. The only way around that would be to use a third party certificate.
We wouldn't have documentation for your external Radius server or AD, but this guide reviews how to set up Radius and tie in to an AD on the HiveManager- https://thehivecommunity.aerohive.com/s/article/Radius-SSID-in-NG
Let me be very clear, like to without installing NPS but able to use AD account for WIFI authentication.
As long as we can pass traffic from your AD to the Radius server we can do this. You would create an internal Radius server linked to an external AD database, and you can use the self signed certificate with the Radius server hosted on the AP.
Contact Us:Sam PirokCommunity@extremenetworks.com