i need some help please.
I configured an AAA-Server for my ActiveDirectory and set this AAA-Server for Zero-IT Activation.
After that i created three WLANs (WLAN-A, WLAN-B and WLAN-C) with Zero-IT and DPSK.
In my ActiveDirectory Domain i have also three Groups with the same Name as my WLANs have.
On my ZoneDirector i added also three Roles. One Example given:
Role Name: WLAN-A
Group Attributes: WLAN-A
Specify WLAN Access: WLAN-A
Now i am able to add an User to an specific AD-Group and i am able to control in which WLAN a User can register his device.
Is this setup ok or is there a better (smarter) way?
If i want to use "Dynamic PSK Batch Generation" i need all my DPSK-WLANs in the default Role. If i do so each AD-User will be able to get a Zero-IT Config because he will be assigned to the Default-Role even if he is not a member of an AD-Group above. How should i solve this? I don't want to give Users Zero-IT Configs if they are not a Member of the AD-Groups and i additionally want to do PSK Batch Generation.