Nebula Active Directory Authentication Group Attribute
Hello,
i'm trying to configure Nebula Authentication Server linking my AD server, the integration works as aspected except for Group Memeber Attribute.
In my AD server i have a group called (CN) domain.local/group/WifiGuest, so I wrote in the field the name ""WIfiGuest" but if i try to login with an user included into that group, Captive portal says "auth denied" and in to nebula log i see this message "Failed login attempt to Device from http/https (incorrect password or inexistent username)"
I tried anything but i didn't figure out from this issue.
Could you help me please?
Accepted Solution
-
Hi, NCA is right for "FreeWifi" interface. I'm using AD auth for the interface called "hotspot" as you can see.
However I think I found my mistake: the selected AD Group i would use for auth must be indicated in the "External User Group" section not in the custom options for the "my ad server" section
0
All Replies
-
HI @Mk88_it ,
To better assist you, please provide:
- Your Zyxel device model and firmware version
- The username and login timestamp used for Captive Portal access
Additionally, please enable Zyxel support and provide us with the name of your Nebula organization/site here or via the private message by clinking to my account > Message.
Judy
See how you've made an impact in Zyxel Community this year!
0 -
Hello Judy thanks for your answer,
1- ATP 500 V5.39(ABFU.0) managed from nebula
2- login username I used: testuser (windows domain user)
I also enabled Zyxel support access and sent you a private message
0 -
Hi @Mk88_it ,
Your current Authentication method, which is set to "Sign-on with Nebula Cloud Authentication," is preventing AD server users from connecting to the network.
To set up AD authentication for the Captive portal, please follow these steps:
- Go to Firewall > Authentication method
- Select FreeWifi Interface
- Under Sign-on, choose "gallini"
- Click the Save button
Judy
See how you've made an impact in Zyxel Community this year!
0 -
Hi, NCA is right for "FreeWifi" interface. I'm using AD auth for the interface called "hotspot" as you can see.
However I think I found my mistake: the selected AD Group i would use for auth must be indicated in the "External User Group" section not in the custom options for the "my ad server" section
0 -
Ok this is the solution.
I have only one question: where i can see the AD users connected to that captive portal?
0 -
Hi there,
As discussed in our private messages, you can check the event logs to see which AD users are connecting through the captive portal.
Judy
See how you've made an impact in Zyxel Community this year!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight