Nebula Active Directory Authentication Group Attribute

Mk88_it
Mk88_it Posts: 20  Freshman Member
First Comment Friend Collector Second Anniversary

Hello,

i'm trying to configure Nebula Authentication Server linking my AD server, the integration works as aspected except for Group Memeber Attribute.

In my AD server i have a group called (CN) domain.local/group/WifiGuest, so I wrote in the field the name ""WIfiGuest" but if i try to login with an user included into that group, Captive portal says "auth denied" and in to nebula log i see this message "Failed login attempt to Device from http/https (incorrect password or inexistent username)"

I tried anything but i didn't figure out from this issue.

Could you help me please?

Accepted Solution

  • Mk88_it
    Mk88_it Posts: 20  Freshman Member
    First Comment Friend Collector Second Anniversary
    Answer ✓

    Hi, NCA is right for "FreeWifi" interface. I'm using AD auth for the interface called "hotspot" as you can see.

    However I think I found my mistake: the selected AD Group i would use for auth must be indicated in the "External User Group" section not in the custom options for the "my ad server" section

All Replies

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,644  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    HI @Mk88_it ,

    To better assist you, please provide:

    1. Your Zyxel device model and firmware version
    2. The username and login timestamp used for Captive Portal access

    Additionally, please enable Zyxel support and provide us with the name of your Nebula organization/site here or via the private message by clinking to my account > Message.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Mk88_it
    Mk88_it Posts: 20  Freshman Member
    First Comment Friend Collector Second Anniversary

    Hello Judy thanks for your answer,

    1- ATP 500 V5.39(ABFU.0) managed from nebula

    2- login username I used: testuser (windows domain user)

    I also enabled Zyxel support access and sent you a private message

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,644  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @Mk88_it ,

    Your current Authentication method, which is set to "Sign-on with Nebula Cloud Authentication," is preventing AD server users from connecting to the network.

    To set up AD authentication for the Captive portal, please follow these steps:

    1. Go to Firewall > Authentication method
    2. Select FreeWifi Interface
    3. Under Sign-on, choose "gallini"
    4. Click the Save button

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Mk88_it
    Mk88_it Posts: 20  Freshman Member
    First Comment Friend Collector Second Anniversary
    Answer ✓

    Hi, NCA is right for "FreeWifi" interface. I'm using AD auth for the interface called "hotspot" as you can see.

    However I think I found my mistake: the selected AD Group i would use for auth must be indicated in the "External User Group" section not in the custom options for the "my ad server" section

  • Mk88_it
    Mk88_it Posts: 20  Freshman Member
    First Comment Friend Collector Second Anniversary

    Ok this is the solution.

    I have only one question: where i can see the AD users connected to that captive portal?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,644  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi there,

    As discussed in our private messages, you can check the event logs to see which AD users are connecting through the captive portal.

    Judy

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Nebula Tips & Tricks