NAC Manager Portal Web Authentication

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hello,

We have a NAC installed with Portal and Authenticated Registration.
However, we want to restrict the authenticated users to a single group in LDAP.
We followed the procedure from the video tutorial, with the User Group to End System Mapping but apparently all users from the AD are able to login instead of restricting it to the LDAP group we want.
How can we make that configuration so that only the users from a certain group can login?

Thanks in advance!
Photo of Tiago Moreira

Tiago Moreira

  • 190 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
Hi,

please take a look into this post and let us know whether that solved the problem...

https://community.extremenetworks.com/extreme/topics/nac_web_authenticated_registration

-Ron
Photo of Tiago Moreira

Tiago Moreira

  • 190 Points 100 badge 2x thumb
I already looked at that topic, but as Michael Kirchner replied, the Web Authenticated Users don't go by that rule.
The configuration is specific in the Portal Configuration, and we already mapped the user group to end system group but the issue is that it allows all users from all groups.
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
I have done this in the past. What you would want to do is, create a new "Web Authenticated Users" (Name it however you see fit) rule. Once created, there is a gear button above the rules and will let you do advanced ordering. With the advanced ordering you can move your newly created rule above the default "Web Authenticated rule. Just make sure that in your new rule, you have the user group specified as a match criteria.

If you have any other questions about this, ill be more than happy to help
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
Has your issue been resolved? If not, please let us know so that we can get this going for you :)
Photo of Tiago Moreira

Tiago Moreira

  • 190 Points 100 badge 2x thumb
Hi Joseph,
The issue has been resolved. We created a rule that denies access to users that weren't on the user group before the portal "Web Authenticated Users" rule. Now it works as it should.

Thank you...
Photo of Joseph Burnsworth

Joseph Burnsworth

  • 2,328 Points 2k badge 2x thumb
Sweet deal! good work!
Photo of Luca Messori

Luca Messori

  • 210 Points 100 badge 2x thumb

Hi,

I'm trying to do the same configuration but I have some problem.

I would like to authenticate captive portal users via LDAP, but I cannot.

Have you got some how-to or suggestion?

I haven't found any document that explain how to do this configuration


Regards