7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

Hi. Is this setup possible? I need help setting this up if this is a possible setup. TIA.

Ronaldo Asimao


Posted 1 year ago


Timo

Hi,
What do you mean by "integrated with AD"? I think you'll do 802.1X with EAP-MSCHAPv2, or will you use the AD to get CLI/GUI access?

I prefer to use a Windows NPS instead of the internal AAA. But you can also use the internal AAA and refer to an AD group to get access. Is this what you are looking for?

BR,
Timo

Ronaldo Asimao

The setup goes like this: when the user logs in to his/her AD account, he/she will automatically be connected to the wireless network. The AP will use the user's AD login credentials as authentication. Will this be okay?

Timo

Hi,
That will work. Search for "WiNG 5.X How-To - Active Directory Authentication". This PDF includes all descriptions for the scenario.

Do you have a PKI? I prefer to provide a private certificate for every AP to secure the authentication. The biggest problem with MSCHAPv2 is that most people disable the certificate validation. Use a trusted certificate or publish the AP certificate to every computer via GPO. Do not disable certificate validation!
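
The certificate-validation point above can be checked on the client side. The following is an added example, not part of the thread or of any vendor tooling: it audits the PEAP section of an exported Windows WLAN profile for the settings that leave EAP-MSCHAPv2 without server authentication. The sample XML is constructed and trimmed, and the server name and thumbprint are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed PEAP fragment modelled on a Windows WLAN profile export.
TEMPLATE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <ServerNames>{names}</ServerNames>
    <TrustedRootCA>{root}</TrustedRootCA>
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""

# Placeholder values, not taken from the thread.
WEAK = TEMPLATE.format(names="", root="", validate="false")
HARDENED = TEMPLATE.format(names="nps01.example.internal",
                           root="00 11 22 33 44 55 66 77 88 99", validate="true")


def audit_peap_profile(xml_text):
    """Return findings for the server-validation settings of a PEAP profile."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # strip the XML namespace
        values.setdefault(name, []).append((el.text or "").strip())

    findings = []
    if any(v.lower() == "false" for v in values.get("PerformServerValidation", [])):
        findings.append("server certificate validation disabled")
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no trusted root CA pinned")
    if not any(values.get("ServerNames", [])):
        findings.append("no RADIUS server name restriction")
    return findings


if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap_profile(profile) or "ok")
```
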

Ondrej Lepa, Employee

Ronaldo,

This is quite a specific design question, but in general - yes, it is possible.

The AP is capable of both roles - authenticator and authentication server. You may either use LDAP to query the user, or forward EAP-TLS requests to NPS.
It all depends on the required design.

Let us know if you need more details.

Regards,
Ondrej