This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

users signing into wifi using an AD server

itdept_head_me
Contributor

‎11-01-2020 08:38 PM

Hi,

ok we have a captive page for the general users

1. Enter wifi  password (for encryption) to gain access to non-open AP

2. get thrown over to web page to enter user name & pw  with MS AD as the database

Ok.

A. So  if i need to "block or delete"  a user , it seems it is not possible, once they are authenticated to the database?

Why ?

B. for testing how can i force a reset of the user authentication , if there is an option to "re connect without re-authentication"

C. What is a normal value for   "re connect without re-authentication"? maybe  90 minutes so they can get lunch/ a week ?

and yes i know.. it depends on the scenario.. but what is generally found to work ?

0 Kudos
2 REPLIES 2

eizens_putnins
Valued Contributor II

‎11-02-2020 01:55 AM

Hello,

WEB authentication with AD  is not a very good way to manage users. If users are in AD, you can just use normal Radius authentication, why you want to use WEB authentication at all?  WEB authentication is in fact using MAC authentication after password is checked, which is not very secure.

If you use normal WPA2/Enterprise with Radius/AD, you have encryption without  need for separately adding password, and it is unique for each user and each session. The only complication is that you need to configure NPS role on some your Windows server, but it is simple and doesn't cost anything.

About delete user -- this option works, but windows normally reconnects very fast, so it  looks as it is not working.

About block user - it should work, disabling access for user permanently (it blocks user MAC).

Grace period is set for WLAN, and it can be set for 90 min, as you mention, but  I would avoid using WEB authentication at all.

With WPA2/Enterprise and Radius you don't care about grace period that much  (for grace period authentication in cached and no Radius requests are sent), as after the first connection Windows handles authentication  automatically, without user entering anything (you just need to install Radius server certificate, or accept that you are not checking it). There is good manual on Ruckus support how to configure that.

Hope this helps.

0 Kudos

itdept_head_me
Contributor

‎11-02-2020 02:01 AM

The network is in no state to use Radius...

too much legacy kit.... some of which is consumer..

you work with what you have , not what your ideal world is.

0 Kudos
Copyright © 2024 Khoros, LLC