ok we have a captive page for the general users
1. Enter wifi password (for encryption) to gain access to non-open AP
2. get thrown over to web page to enter user name & pw with MS AD as the database
A. So if i need to "block or delete" a user , it seems it is not possible, once they are authenticated to the database?
B. for testing how can i force a reset of the user authentication , if there is an option to "re connect without re-authentication"
C. What is a normal value for "re connect without re-authentication"? maybe 90 minutes so they can get lunch/ a week ?
and yes i know.. it depends on the scenario.. but what is generally found to work ?
WEB authentication with AD is not a very good way to manage users. If users are in AD, you can just use normal Radius authentication, why you want to use WEB authentication at all? WEB authentication is in fact using MAC authentication after password is checked, which is not very secure.
If you use normal WPA2/Enterprise with Radius/AD, you have encryption without need for separately adding password, and it is unique for each user and each session. The only complication is that you need to configure NPS role on some your Windows server, but it is simple and doesn't cost anything.
About delete user -- this option works, but windows normally reconnects very fast, so it looks as it is not working.
About block user - it should work, disabling access for user permanently (it blocks user MAC).
Grace period is set for WLAN, and it can be set for 90 min, as you mention, but I would avoid using WEB authentication at all.
With WPA2/Enterprise and Radius you don't care about grace period that much (for grace period authentication in cached and no Radius requests are sent), as after the first connection Windows handles authentication automatically, without user entering anything (you just need to install Radius server certificate, or accept that you are not checking it). There is good manual on Ruckus support how to configure that.
Hope this helps.