cancel
Showing results for 
Search instead for 
Did you mean: 

7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

7522 AP (as a controller) to be integrated with Windows Active Directory authentication.

Ronaldo_Asimao
New Contributor
Hi. Is this setup possible? I need help setting this up if this is a possible setup. TIA.
4 REPLIES 4

Ondrej_Lepa
Extreme Employee
Ronaldo,

this is quite specific design question, but in general - yes, it is possible.

AP is capable of both roles - authenticator and authentication server. You may either use LDAP to query user, or forward EAP-TLS requests to NPS
All depends on a required desing.

Let us know if you need more details.

Regards,
Ondrej

Timo1
New Contributor II
Hi,
what do you mean with "integrated with AD"? I think you'll do 802.1x with EAP-MSCHAPv2 or do you will use the AD to get CLI/GUI access?

I prefer to use a Windows NPS instead of internal AAA. But you can use also the internal AAA and refer to a AD group to get access. Is this what you are looking for?

BR,
Timo

Timo1
New Contributor II
Hi,
that will work. Search for "WiNG 5.X How-To - Active Directory Authentication". This PDF include all descriptions for the scenario.

Do you have a PKI? I prefer to provide a private certificate for every AP to secure the authentication. Biggest problem with MSCHAPv2 is, that most people disable the certificate validation. Use a trusted certificate or publish the AP certificate to every computer via GPO. Do not disable certificate validation!

The setup goes like this, when the user logged in his/her AD account, he will be automatically be connected to the wireless network. The AP will use the user's AD login credential as authentication. Will this be okay?
GTM-P2G8KFN