This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

Identifi: What is an easiest way to authenticate users in Active Directory using NAC?

Ilya_Semenov
Contributor

‎10-20-2017 05:54 PM

Hello, everybody,

at the moment I have 120 APs and about 12000 users. Employees's SSID has beautiful authorization webform on Fortigate firewall, users use their Active DIrectory credentials and everything works fine, except I can't see AD accounts of wifi users in Netsight. This makes me very sad(

But I have an installation of mighty NAC!

Is there any step-by-step guide how to configure NAC to authorize AD users using a webform?

Could you please share it!

Many thanks in advance,

Ilya
12 REPLIES 12

Diederik_Kuijpe
New Contributor III

‎10-20-2017 06:28 PM

Why not use RADIUS auth?
0 Kudos

Diederik_Kuijpe
New Contributor III
In response to Diederik_Kuijpe

‎10-20-2017 06:28 PM

Why's that even a requirement? By utilizing Radius auth you can skip the auth webpage, users simply put in their AD credentials for connecting to the SSID. You then have the users available in Identifi/NetSight and if you enable FSSO polling on the Fortigate you automatically authenticate users for the firewall as well.

I did this to alleviate double sign-ins.

http://cookbook.fortinet.com/fsso-polling-mode/

0 Kudos

Ilya_Semenov
Contributor
In response to Diederik_Kuijpe

‎10-20-2017 06:28 PM

Hi,
what do you mean?

For sure, I could authorize users over Microsoft NPS. But this is enterprise customers, they need a beautiful web page, not just two input string for login/password.
0 Kudos
GTM-P2G8KFN