Active Directory Authentication for WiFi Client

pamuditha_abeys
Contributor
Hi All, 

I have a controller-managed AP zone where I need an SSID for Active Directory-based authentication. Active Directory is located at the branch site and the controller is at HQ.

I am planning to follow the steps below, based on my current understanding. I need your help to verify my steps.
1.) Create an AAA profile with Active Directory mode, port 369 and the customer AD IP.
2.) Create an SSID with the Web Authentication option.
3.) AD will be locally reachable to the AP, with no routes through the controller.

Will these steps suffice?
Additionally, I have the queries below.
A.) Can anyone share a guide on how to set up Windows Server for the above requirement?
B.) Can I customize this web auth portal, and will it be hosted on the AP itself?
C.) Any additional advice would be appreciated as well.

Thanks
GPMPA
7 REPLIES

jakob_peterh_ns
Contributor II
Hi,

I have not tried AAA auth with a web-portal, only 802.1x + WPA2.
On all the sites where we've done that, the AAA server is only reachable via a route in the controller; the APs do not ask directly, but I think that is possible.

In all our setups, we don't use AD directly, but the RADIUS server in AD. It seems much more reliable, and you don't need to authenticate an AD admin on the box, just have a shared secret set up.

There is a guide/article here on the forum somewhere; try searching for it.

pamuditha_abeys
Contributor
Thanks for the insights Jacob.
Here the customer requires the on-site AD to be used with the web portal.

Thanks

robert_lowe_722
Contributor III
Pretty sure the ZD only works in RADIUS-Proxy mode, where the controller proxies all AAA messaging. I'll try and find the statement.

pamuditha_abeys
Contributor
Hi Robert,
This is a vSZ-H deployment. Usually this supports both proxy and non-proxy mode for AAA. But I am not sure about AD, and I also don't know how to configure AD in this scenario.

Thanks
Pamuditha