I currently have a ZD1200 set up using the local database, which binds the user to a specific MAC address when they connect so the code cannot be used multiple times. Is there a way to use RADIUS/AD so that the user can connect a device to the SSID using their AD credentials, then that device is bound to those credentials so they can't connect another device with the same credentials (until an admin goes into ZD and deletes that binding)?
With RADIUS/AD, you cannot limit the number of concurrent logins. Instead, you could use DPSK where each device (MAC) is tied to a unique key. If using Zero-IT to allow users to self-provision (as opposed to batch provisioning), each unique key will be associated with a user's name in the controller. You can also limit the number of keys per user to 1, 2, 3, 4, or unlimited.
Just looking at some documentation with regard to Zero-IT and DPSK, in the setup it talked about using 802.1X EAP as the authentication option. Would that work the same way: Zero-IT would use RADIUS (Windows Server) to authenticate, then the user would be assigned a DPSK, which has been bound to that device's MAC address, and I could limit the number of keys to 1 or 2?
What controller are you using and how many users? Configuring external DPSK is very complicated and would normally be used only when the required number of DPSKs exceeds the max that a controller can manage.
It's a ZD1200. For one site there are around 30 staff, which isn't many; however, currently any DPSK codes are manually created, and I'm not on site all the time, so I was hoping to have a way to let them connect devices without needing a code to be manually created.
So should I just create a list of users in the local database?
Also, what is the procedure when they connect? Is there any documentation which shows this, as that might help me understand the process and how to best set it up for our needs?