I have a controller-managed AP zone where I need an SSID for Active Directory-based authentication. Active Directory is located at the branch site and the controller is at HQ.
I am planning to follow the steps below, based on my current understanding. I need your help to verify my steps.
1.) Create an AAA profile with Active Directory mode, port 369 and the customer AD IP.
2.) Create an SSID with the Web Authentication option.
3.) AD will be locally reachable to the AP, with no routes through the controller.
Will these steps suffice? Additionally, I have the queries below.
A.) Can anyone share a guide for how to set up Windows Server for the above requirement?
B.) Can I customize this web auth portal, and will it be hosted on the AP itself?
C.) Any additional advice would be appreciated as well.
I have not tried AAA auth with a web portal, only 802.1X + WPA2. On all the sites where we've done that, the AAA server is only reachable via a route in the controller; the APs do not ask directly, but I think that is possible.
In all our setups, we don't use AD directly, but the RADIUS server in AD. It seems much more reliable, and you don't need to authenticate an AD admin on the box, just have a shared secret set up.
There is a guide/article here on the forum somewhere; try searching for it.