7522 AP (as a controller) to be integrated with Windows Active Directory authentication.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2017 03:32 AM
Hi. Is this setup possible? I need help setting this up if this is a possible setup. TIA.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2017 05:37 PM
Ronaldo,
this is quite specific design question, but in general - yes, it is possible.
AP is capable of both roles - authenticator and authentication server. You may either use LDAP to query user, or forward EAP-TLS requests to NPS
All depends on a required desing.
Let us know if you need more details.
Regards,
Ondrej
this is quite specific design question, but in general - yes, it is possible.
AP is capable of both roles - authenticator and authentication server. You may either use LDAP to query user, or forward EAP-TLS requests to NPS
All depends on a required desing.
Let us know if you need more details.
Regards,
Ondrej
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2017 04:30 AM
Hi,
what do you mean with "integrated with AD"? I think you'll do 802.1x with EAP-MSCHAPv2 or do you will use the AD to get CLI/GUI access?
I prefer to use a Windows NPS instead of internal AAA. But you can use also the internal AAA and refer to a AD group to get access. Is this what you are looking for?
BR,
Timo
what do you mean with "integrated with AD"? I think you'll do 802.1x with EAP-MSCHAPv2 or do you will use the AD to get CLI/GUI access?
I prefer to use a Windows NPS instead of internal AAA. But you can use also the internal AAA and refer to a AD group to get access. Is this what you are looking for?
BR,
Timo
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2017 04:30 AM
Hi,
that will work. Search for "WiNG 5.X How-To - Active Directory Authentication". This PDF include all descriptions for the scenario.
Do you have a PKI? I prefer to provide a private certificate for every AP to secure the authentication. Biggest problem with MSCHAPv2 is, that most people disable the certificate validation. Use a trusted certificate or publish the AP certificate to every computer via GPO. Do not disable certificate validation!
that will work. Search for "WiNG 5.X How-To - Active Directory Authentication". This PDF include all descriptions for the scenario.
Do you have a PKI? I prefer to provide a private certificate for every AP to secure the authentication. Biggest problem with MSCHAPv2 is, that most people disable the certificate validation. Use a trusted certificate or publish the AP certificate to every computer via GPO. Do not disable certificate validation!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2017 04:30 AM
The setup goes like this, when the user logged in his/her AD account, he will be automatically be connected to the wireless network. The AP will use the user's AD login credential as authentication. Will this be okay?
