This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Community
- RUCKUS Technologies
- RUCKUS Lennar Support
- Community Services
- RTF
- RTF Community
- Australia and New Zealand – English
- Brazil – Português
- China – 简体中文
- France – Français
- Germany – Deutsch
- Hong Kong – 繁體中文
- India – English
- Indonesia – bahasa Indonesia
- Italy – Italiano
- Japan – 日本語
- Korea – 한국어
- Latin America – Español (Latinoamérica)
- Middle East & Africa – English
- Netherlands – Nederlands
- Nordics – English
- North America – English
- Poland – polski
- Russia – Русский
- Singapore, Malaysia, and Philippines – English
- Spain – Español
- Taiwan – 繁體中文
- Thailand – ไทย
- Turkey – Türkçe
- United Kingdom – English
- EOL Products
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- RUCKUS Forums
- RUCKUS Technologies
- SZ / vSZ
- vSZ 5.1.x Administrators - Active Directory
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
vSZ 5.1.x Administrators - Active Directory
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-17-2020 08:55 AM
Hi
I have a vSZ (v5.1.2.0.302), and am trying to configure an AAA server for SmartZone Administrators. The manual doesn't seem to be giving me what I need - or at least, I'm not seeing the wood for the trees. I also have a couple of questions to follow..
I've configured an AAA AD server: Administrators -> Admins & Roles -> AAA:
Name: domain.local
Type: Active Directory
Realm: domain.local
Default Role Mapping: Off
IP address: 1.2.3.4
Port: 389
Windows Domain Name: dc=domain,dc=local
Test AAA is a success, but:
1. How do I actually add AD users or groups to 'Administrators'?
2. How can I add a second Domain Controller?
3. Port 389 is essentially LDAP in plain text - if I choose port 636 (LDAPS) - it fails. How do I secure comms to the Domain Controller?
New to the World of SmartZones, so forgive me for the basics..
Cheers, James
I have a vSZ (v5.1.2.0.302), and am trying to configure an AAA server for SmartZone Administrators. The manual doesn't seem to be giving me what I need - or at least, I'm not seeing the wood for the trees. I also have a couple of questions to follow..
I've configured an AAA AD server: Administrators -> Admins & Roles -> AAA:
Name: domain.local
Type: Active Directory
Realm: domain.local
Default Role Mapping: Off
IP address: 1.2.3.4
Port: 389
Windows Domain Name: dc=domain,dc=local
Test AAA is a success, but:
1. How do I actually add AD users or groups to 'Administrators'?
2. How can I add a second Domain Controller?
3. Port 389 is essentially LDAP in plain text - if I choose port 636 (LDAPS) - it fails. How do I secure comms to the Domain Controller?
New to the World of SmartZones, so forgive me for the basics..
Cheers, James
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2020 01:08 PM
I just got off the phone with Ruckus to figure this out as well. For starters, the second answer given to you here is just weird/wrong, don't go that direction with running lpd.exe on the AD server.
What follows relates to release 5.2.0.0.699.
1. How do I actually add AD users or groups to 'Administrators'?
Review pages 426-427 of the Ruckus SmartZone 100 and Virtual SmartZone-Essentials Administrator Guide, 5.1.2. Where I got stuck though is they had a typo on the AD Group name you have to create which I'll highlight below.
So here's how it works, and if you ask me, this is retarded compared to the way ZoneDirector did it, but at least it gets us back to what we had before.
Under Administration -> Admins and Roles, do the following:
AAA Tab:
- Setup an AD entry just like you have listed above with Default Role Mapping off, port 389.
Administrators Tab:
- Create a local user on the SZ, for example call it "SuperAdmins". Put in some crazy long and difficult password as this will NEVER be used for actually signing. It doesn't even matter if you remember it afterwards.
Groups Tab:
- Create a group (Example call it "Super Admins Group" with all rights) and then assign the user you just created to this group (in this case, assign the user "SuperAdmins" to this group.)
Back on your AD server, do the following.
- Create a group in AD called "Ruckus-WSG-User-[username]" (this is the typo on their docs, they have it listed as "Ruckus-WSG-[username]" which is wrong.)
- As example, create the group "Ruckus-WSG-User-SuperAdmins"
- Assign the users to this group that you want to have Super Admin Group access.
Back to your SZ, go to the AAA tab and test with a user, and it should be assigned the "Super Admin Group" (or whatever) Role.
2. How can I add a second Domain Controller?
- You can't for AD (currently.) You can for Radius, but not for AD. How fun!
3. Port 389 is essentially LDAP in plain text - if I choose port 636 (LDAPS) - it fails. How do I secure comms to the Domain Controller?
- You can't. We apparently lost that security feature in SZ. You can have TLS encryption when you use AD for standard user authentication such as to authenticate to a portal, but not for the Administrator login to the web site. Brilliant, right? All we can do is complain to gain this feature back.
What follows relates to release 5.2.0.0.699.
1. How do I actually add AD users or groups to 'Administrators'?
Review pages 426-427 of the Ruckus SmartZone 100 and Virtual SmartZone-Essentials Administrator Guide, 5.1.2. Where I got stuck though is they had a typo on the AD Group name you have to create which I'll highlight below.
So here's how it works, and if you ask me, this is retarded compared to the way ZoneDirector did it, but at least it gets us back to what we had before.
Under Administration -> Admins and Roles, do the following:
AAA Tab:
- Setup an AD entry just like you have listed above with Default Role Mapping off, port 389.
Administrators Tab:
- Create a local user on the SZ, for example call it "SuperAdmins". Put in some crazy long and difficult password as this will NEVER be used for actually signing. It doesn't even matter if you remember it afterwards.
Groups Tab:
- Create a group (Example call it "Super Admins Group" with all rights) and then assign the user you just created to this group (in this case, assign the user "SuperAdmins" to this group.)
Back on your AD server, do the following.
- Create a group in AD called "Ruckus-WSG-User-[username]" (this is the typo on their docs, they have it listed as "Ruckus-WSG-[username]" which is wrong.)
- As example, create the group "Ruckus-WSG-User-SuperAdmins"
- Assign the users to this group that you want to have Super Admin Group access.
Back to your SZ, go to the AAA tab and test with a user, and it should be assigned the "Super Admin Group" (or whatever) Role.
2. How can I add a second Domain Controller?
- You can't for AD (currently.) You can for Radius, but not for AD. How fun!
3. Port 389 is essentially LDAP in plain text - if I choose port 636 (LDAPS) - it fails. How do I secure comms to the Domain Controller?
- You can't. We apparently lost that security feature in SZ. You can have TLS encryption when you use AD for standard user authentication such as to authenticate to a portal, but not for the Administrator login to the web site. Brilliant, right? All we can do is complain to gain this feature back.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2020 03:43 AM
Thank you so much for this easy and simple explanation. Pity i didnt find your post earlier!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2020 09:13 AM
This comment should be starred and giving 200 thumbs up. Thank you so much for laying out those instructions so simply. The online knowledge base for VSZ has been so frustrating to dig though and it seems they have majorly over complicated these processes compared to how they worked on the ZD. THANK YOU!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-24-2021 06:22 AM
Do you know if this process work for 6.0 ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-23-2021 07:36 AM
I found this topic accidentally and it reminded my unsuccessful fight for getting the AD-authentication working for management over a year ago for our vSZ cluster 5.1.2.0.302. I also had a ticket open then but it turned out that AD/LDAP is barely supported.
I would like to upgrade to 5.2 and then try once again if there are any changes and perhaps look for the above posts in this thread but I thought I'd put here some moments from the ticket as copy-paste's that I wrote then since I did some extensive testing to get it working and found "interesting" things. This is my first experience with Ruckus and it was a brand new setup.
1. The Administration\Admins and Roles\AAA server with type LDAP and the dialogue window has two mistakes:
1.1. "Admin Domain Name" is wrong, it is actually "Admin Distinguished Name" or shorter "Admin DN" as I saw here:
Labels
-
9210
1 -
AD
1 -
AP Controller Connectivity
1 -
AP Management
3 -
API Help
1 -
Client Management
3 -
er
1 -
Google
1 -
Guest Access
2 -
IP Multicast
1 -
Proposed Solution
3 -
RADIUS
2 -
RUCKUS Self-Help
8 -
SmartZone
4 -
SmartZone or vSZ
6 -
Social Media
1 -
Solution Proposed
3 -
string
1 -
Traffic Management-
1 -
User Management
2 -
vSZ
2 -
Wifi
1 -
WLAN Management
2
- « Previous
- Next »
