This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

Ronaldo_Asimao
New Contributor

‎05-23-2017 03:32 AM

Hi. Is this setup possible? I need help setting this up if this is a possible setup. TIA.
0 Kudos
4 REPLIES 4

Ondrej_Lepa
Extreme Employee

‎05-23-2017 05:37 PM

Ronaldo,

this is quite specific design question, but in general - yes, it is possible.

AP is capable of both roles - authenticator and authentication server. You may either use LDAP to query user, or forward EAP-TLS requests to NPS
All depends on a required desing.

Let us know if you need more details.

Regards,
Ondrej
0 Kudos

Timo1
New Contributor II

‎05-23-2017 04:30 AM

Hi,
what do you mean with "integrated with AD"? I think you'll do 802.1x with EAP-MSCHAPv2 or do you will use the AD to get CLI/GUI access?

I prefer to use a Windows NPS instead of internal AAA. But you can use also the internal AAA and refer to a AD group to get access. Is this what you are looking for?

BR,
Timo
0 Kudos

Timo1
New Contributor II
In response to Timo1

‎05-23-2017 04:30 AM

Hi,
that will work. Search for "WiNG 5.X How-To - Active Directory Authentication". This PDF include all descriptions for the scenario.

Do you have a PKI? I prefer to provide a private certificate for every AP to secure the authentication. Biggest problem with MSCHAPv2 is, that most people disable the certificate validation. Use a trusted certificate or publish the AP certificate to every computer via GPO. Do not disable certificate validation!

0 Kudos

Ronaldo_Asimao
New Contributor
In response to Timo1

‎05-23-2017 04:30 AM

The setup goes like this, when the user logged in his/her AD account, he will be automatically be connected to the wireless network. The AP will use the user's AD login credential as authentication. Will this be okay?
0 Kudos
GTM-P2G8KFN