Zyxel ATP500 WLAN controller and authentication

Options
bav
bav Posts: 20  Freshman Member
10 Comments
edited May 21 in Wireless

Hello!

Would it be possible to authenticate wireless clients on AD via machine authentication?

Wireless client connect to dedicated SSID and put no credentials since authenticating based on domain computer name.

Is there any need of Radius between?

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,034  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @bav ,

    APC-managed AP mode does not support direct computer domain authentication to the AD server without the use of RADIUS.

    Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!

All Replies

  • smb_corp_user
    smb_corp_user Posts: 161  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    From my own experience, this is the difference between Windows Home edition and Windows Professional computers being members of the AD domain. Domain members have access to domain shared resources like printers, SQL server database, file shares, and other domain computers.

    Windows Home computers do not have this access through wireless connections (our WiFi being configured as Access Point only) and have to be wire connected (LAN ethernet cable) to access the same resources via NetBT transport.

    Not sure if this answers your question or if there are other limitations in your scenario.

  • bav
    bav Posts: 20  Freshman Member
    10 Comments
    Options

    As far as I know Home edition can not join Domain. We have Pro and Enterprise and they are in domain.

    The question is how to set wireless client authentication in AD →Domain Computers group? In this case user should not enter any credentials. If laptop is a member of this Group it should get an access. Othewise get block.

    Yes, it is not most secure solution, but for the first step its enough. Later we will add user based authentication as well.

    Any thoughts?

  • smb_corp_user
    smb_corp_user Posts: 161  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    OK, I see. This is more than I have looked into, since I have not worked with SSO-solutions combining Microsoft with hardware OEM solutions. I defer to the Zyxel Team members and other Pro users who may have used solutions like that to get suggestions of how SSO is handled by Zyxel.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,104  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @bav

    May we know if you intend to use the ATP500 as the AP controller to manage the Zyxel APs and allow WiFi clients to join the organization's domain? Thank you.

  • bav
    bav Posts: 20  Freshman Member
    10 Comments
    edited April 22
    Options

    Yes! APC is on the ATP500 and all users should get auhtentication via ATP against the AD

    There are some auth methods available: AD, LDAP,RADIUS.

    So, I would like to know would it be possible to have AD(users in Security group) direct authorization without any proxies like Radius and so on?

    I have seen a lot of examples where radius (NPS) is taking part in AD authentication. But would it be possible to get rid off the Radius?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,034  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @bav ,

    APC-managed AP mode does not support direct computer domain authentication to the AD server without the use of RADIUS.

    Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!

  • bav
    bav Posts: 20  Freshman Member
    10 Comments
    Options

    Thanks for reply!

    It is clear now!

    So, just user authentication in AD available without Radius deployed?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,034  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @bav ,

    Currently, Zyxel APs do not support AD authentication natively. If you need to use AD, we recommend setting it up through a NPS that communicates with the AD server.

    We are pleased to inform you that AD authentication is on our feature development roadmap. For updates and enhancements, please follow our Wireless News & Release.

    Be a Community MVP: Win a VIP Deal Dash on Your Next Zyxel Purchase!