Zyxel ATP500 WLAN controller and authentication
Hello!
Would it be possible to authenticate wireless clients on AD via machine authentication?
Wireless client connect to dedicated SSID and put no credentials since authenticating based on domain computer name.
Is there any need of Radius between?
Accepted Solution
-
Hi @bav ,
APC-managed AP mode does not support direct computer domain authentication to the AD server without the use of RADIUS.
Judy
See how you've made an impact in Zyxel Community this year!
0
All Replies
-
From my own experience, this is the difference between Windows Home edition and Windows Professional computers being members of the AD domain. Domain members have access to domain shared resources like printers, SQL server database, file shares, and other domain computers.
Windows Home computers do not have this access through wireless connections (our WiFi being configured as Access Point only) and have to be wire connected (LAN ethernet cable) to access the same resources via NetBT transport.
Not sure if this answers your question or if there are other limitations in your scenario.
0 -
As far as I know Home edition can not join Domain. We have Pro and Enterprise and they are in domain.
The question is how to set wireless client authentication in AD →Domain Computers group? In this case user should not enter any credentials. If laptop is a member of this Group it should get an access. Othewise get block.
Yes, it is not most secure solution, but for the first step its enough. Later we will add user based authentication as well.
Any thoughts?
0 -
OK, I see. This is more than I have looked into, since I have not worked with SSO-solutions combining Microsoft with hardware OEM solutions. I defer to the Zyxel Team members and other Pro users who may have used solutions like that to get suggestions of how SSO is handled by Zyxel.
0 -
Hi @bav
May we know if you intend to use the ATP500 as the AP controller to manage the Zyxel APs and allow WiFi clients to join the organization's domain? Thank you.
See how you've made an impact in Zyxel Community this year!
0 -
Yes! APC is on the ATP500 and all users should get auhtentication via ATP against the AD
There are some auth methods available: AD, LDAP,RADIUS.
So, I would like to know would it be possible to have AD(users in Security group) direct authorization without any proxies like Radius and so on?
I have seen a lot of examples where radius (NPS) is taking part in AD authentication. But would it be possible to get rid off the Radius?
0 -
Hi @bav ,
APC-managed AP mode does not support direct computer domain authentication to the AD server without the use of RADIUS.
Judy
See how you've made an impact in Zyxel Community this year!
0 -
Thanks for reply!
It is clear now!
So, just user authentication in AD available without Radius deployed?
0 -
Hi @bav ,
Currently, Zyxel APs do not support AD authentication natively. If you need to use AD, we recommend setting it up through a NPS that communicates with the AD server.
We are pleased to inform you that AD authentication is on our feature development roadmap. For updates and enhancements, please follow our Wireless News & Release.
Judy
See how you've made an impact in Zyxel Community this year!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight