USG FLEX 200 with LDAP: Restrict WPA2-Enterprise login to specific AD group

nxc_neuling Posts: 3  Freshman Member

Hi everyone,

I'm using a USG FLEX 200 as an AP controller for several WAC6103D access points.
I want to use WPA2-Enterprise authentication with LDAP (Active Directory).

So far, the connection works. My current Base DN is:

CN=Users,DC=ad,DC=mynet,DC=de

However, I want to restrict authentication to only users in the group:

CN=Mitarbeiter,CN=Users,DC=ad,DC=mynet,DC=de

My question:
How can I configure the Zyxel system to only allow authentication for that specific group?
Is there a way to apply an LDAP filter or similar method?

Thanks in advance!

PS:

Important note: Changing the structure of the AD tree is not an option.
Migrated from NXC2500 to USG FLEX 200 in the hope of a solution :-)
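
The kind of LDAP group filter the question asks about, as an added illustration that is not from the poster or from Zyxel (whether the USG FLEX 200 accepts a custom filter is not established on this page): it uses the Base DN and group DN from the post, a constructed two-account directory, and a tiny evaluator in place of a real AD query; the escaping helper and the account names are my own.

```python
import re

BASE_DN = "CN=Users,DC=ad,DC=mynet,DC=de"
GROUP_DN = "CN=Mitarbeiter,CN=Users,DC=ad,DC=mynet,DC=de"

# Constructed sample directory (not real data): both accounts sit under the
# Base DN, but only "anna" is a member of the Mitarbeiter group.
DIRECTORY = {
    "CN=Anna Schmidt,CN=Users,DC=ad,DC=mynet,DC=de": {
        "sAMAccountName": ["anna"],
        "memberOf": [GROUP_DN, "CN=Domain Users,CN=Users,DC=ad,DC=mynet,DC=de"],
    },
    "CN=Guest Account,CN=Users,DC=ad,DC=mynet,DC=de": {
        "sAMAccountName": ["guest"],
        "memberOf": ["CN=Domain Users,CN=Users,DC=ad,DC=mynet,DC=de"],
    },
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a supplied login name cannot change the filter's shape."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)


def build_filter(login: str) -> str:
    """AND the account name with a memberOf test against the target group DN."""
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(login), escape_filter_value(GROUP_DN))


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(base_dn: str, ldap_filter: str) -> list:
    """Minimal evaluator for an AND-of-equality filter over DIRECTORY (subtree scope)."""
    terms = [(a, _unescape(v).lower()) for a, v in re.findall(r"\((\w+)=([^)]*)\)", ldap_filter)]
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith(base_dn.lower()):
            continue  # entry lies outside the configured Base DN
        if all(v in [x.lower() for x in attrs.get(a, [])] for a, v in terms):
            hits.append(dn)
    return hits


def allowed(login: str) -> bool:
    """Grant access only when exactly one entry matches name AND group membership."""
    return len(search(BASE_DN, build_filter(login))) == 1
```

A name-only filter under the Base DN admits both accounts; adding the memberOf term is what turns "guest" away while "anna" still passes.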

All Replies

  • Zyxel_Judy Posts: 2,102  Zyxel Employee
    edited March 31

    Hi @nxc_neuling ,

    Based on your description, it seems that CN=Mitarbeiter is contained within CN=Users, making CN=Users the parent/mother folder. There is no way to configure the Zyxel firewall to allow authentication for users in the parent/mother folder on the AP server while restricting authentication for another group within it.