vsz ldap group access

tim_guy_6698086 — Mon, 03 Aug 2020 17:34:50 GMT

I'm trying to get a remote virtual smartzone to connect to AD via ldap. The AD server has a port forward from the firewall, the VSZ is also behind a firewall with all port forwards working. I have SSIDs working with WPA2 personal fine.

I've got device auth working via radius from the APs but the replaced ZD was using a portal to let BYOD devices into the building. To allow https web portal I am trying to configure the controller for guest access rather than the APs.

I have the VSZ talking to the AD via ldap and I can type a wrong username in and it fails, I can type a correct user and it lets me in. So I look it one step further and try and get it to work with AD groups. Using the article https://support.ruckuswireless.com/articles/000010448 is put the required group into the search filter:
eg (objectClass=*)(memberof=CN=BYOD,CN=Users,DC=example,DC=local)

Regardless of if the user is in the group or not the SZ authenticates the user and lets them on.

Also, annoyingly the search filter input box is limited on the number of characters, the real group name I want to use is:
CN=Wireless - BYOD Users,OU=Wireless Configuration,DC=example,DC=local
I was hoping maybe I could use the guid for the search filter to solve the number of characters issue.

A side issues is that the AAA Test doesn't work, the screen greys and the waiting star spins but nothing comes back.

Any suggestions would be appreciated.

Tim

Re: vsz ldap group access

tim_guy_6698086 — Wed, 05 Aug 2020 15:32:03 GMT

Of course you all knew that its not possible!!! And now I know.. So the only possibly option that I can find is Radius and using custom NAS Identifiers in in the conditions (certainly with Windows NAP Servers)

Well that's 3 days of my life Im not going to get back.

Tim

topic vsz ldap group access in SmartZone and Virtual SmartZone

vsz ldap group access

Re: vsz ldap group access