USG FLEX 200 with LDAP: Restrict WPA2-Enterprise login to specific AD group




Hi everyone,
I'm using a USG FLEX 200 as an AP controller for several WAC6103D access points.
I want to use WPA2-Enterprise authentication with LDAP (Active Directory).
So far, the connection works. My current Base DN is:
CN=Users,DC=ad,DC=mynet,DC=de
However, I want to restrict authentication to only users in the group:
CN=Mitarbeiter,CN=Users,DC=ad,DC=mynet,DC=de
My question:
How can I configure the Zyxel system to only allow authentication for that specific group?
Is there a way to apply an LDAP filter or similar method?
Thanks in advance!
PS:
Important note: Changing the structure of the AD tree is not an option.
Migrated from NXC2500 to USG Flex 200 with hope for a solution :-)
All Replies
Hi @nxc_neuling ,
Based on your description, it seems like CN=Mitarbeiter is contained within CN=Users, making CN=Users the parent/mother folder. There is no way to configure the Zyxel firewall to allow authentication for users in the parent/mother folder on the AP server while restricting authentication for another group within it.
0
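The group restriction asked about in this thread, written as a standard Active Directory search filter. This is an added example, not part of the original posts and not a Zyxel configuration; the thread does not confirm that the USG FLEX accepts a custom filter. It assumes logins are matched on sAMAccountName, and the user name in the usage line is constructed.

```python
"""Added example: AD search filter limiting logins to one group (RFC 4515)."""

# DNs taken from the question in this thread.
BASE_DN = "CN=Users,DC=ad,DC=mynet,DC=de"
GROUP_DN = "CN=Mitarbeiter,CN=Users,DC=ad,DC=mynet,DC=de"

# Active Directory extensible matching rules.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # memberOf through nested groups
BIT_AND = "1.2.840.113556.1.4.803"    # bitwise AND on an integer attribute
ACCOUNT_DISABLED = 2                  # userAccountControl flag ACCOUNTDISABLE


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP filter so it cannot alter the filter."""
    special = "\\*()\x00"  # characters RFC 4515 requires to be escaped
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)


def group_login_filter(username: str, group_dn: str = GROUP_DN,
                       nested: bool = False) -> str:
    """Match one enabled user, only if the user is a member of group_dn.

    Assumption: the login name is compared with sAMAccountName.
    Note: memberOf does not list a user's primary group.
    """
    member_attr = f"memberOf:{IN_CHAIN}:" if nested else "memberOf"
    return (
        "(&(objectCategory=person)(objectClass=user)"
        f"(!(userAccountControl:{BIT_AND}:={ACCOUNT_DISABLED}))"
        f"(sAMAccountName={escape_filter_value(username)})"
        f"({member_attr}={escape_filter_value(group_dn)}))"
    )


if __name__ == "__main__":
    # "jdoe" is a constructed sample user name.
    print("search base:", BASE_DN)
    print(group_login_filter("jdoe"))
    print(group_login_filter("jdoe", nested=True))
```

Searching the existing Base DN with this filter returns an entry only for group members, so the AD tree itself stays unchanged.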