cancel
Showing results for 
Search instead for 
Did you mean: 

Zero-IT Configuration and Default Role

marco_eichstet1
Contributor III
Hi,

i need some help please.
I configured an AAA-Server for my ActiveDirectory and set this AAA-Server for Zero-IT Activation.

After that i created three WLANs (WLAN-A, WLAN-B and WLAN-C) with Zero-IT and DPSK.
In my ActiveDirectory Domain i have also three Groups with the same Name as my WLANs have.
On my ZoneDirector i added also three Roles. One Example given:

Role Name: WLAN-A
Group Attributes: WLAN-A
Specify WLAN Access: WLAN-A

Now i am able to add an User to an specific AD-Group and i am able to control in which WLAN a User can register his device.

First Question:
Is this setup ok or is there a better (smarter) way?

Second Question:
If i want to use "Dynamic PSK Batch Generation" i need all my DPSK-WLANs in the default Role. If i do so each AD-User will be able to get a Zero-IT Config because he will be assigned to the Default-Role even if he is not a member of an AD-Group above. How should i solve this? I don't want to give Users Zero-IT Configs if they are not a Member of the AD-Groups and i additionally want to do PSK Batch Generation.

Many Thanks!
Best Regards
Marco
0 REPLIES 0