Zyxel ATP500 WLAN controller and authentication

bav
bav Posts: 20  Freshman Member
First Comment
edited May 21 in Wireless

Hello!

Would it be possible to authenticate wireless clients on AD via machine authentication?

Wireless client connect to dedicated SSID and put no credentials since authenticating based on domain computer name.

Is there any need of Radius between?

Accepted Solution

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,584  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
    Answer ✓

    Hi @bav ,

    APC-managed AP mode does not support direct computer domain authentication to the AD server without the use of RADIUS.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

All Replies

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    From my own experience, this is the difference between Windows Home edition and Windows Professional computers being members of the AD domain. Domain members have access to domain shared resources like printers, SQL server database, file shares, and other domain computers.

    Windows Home computers do not have this access through wireless connections (our WiFi being configured as Access Point only) and have to be wire connected (LAN ethernet cable) to access the same resources via NetBT transport.

    Not sure if this answers your question or if there are other limitations in your scenario.

  • bav
    bav Posts: 20  Freshman Member
    First Comment

    As far as I know Home edition can not join Domain. We have Pro and Enterprise and they are in domain.

    The question is how to set wireless client authentication in AD →Domain Computers group? In this case user should not enter any credentials. If laptop is a member of this Group it should get an access. Othewise get block.

    Yes, it is not most secure solution, but for the first step its enough. Later we will add user based authentication as well.

    Any thoughts?

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    OK, I see. This is more than I have looked into, since I have not worked with SSO-solutions combining Microsoft with hardware OEM solutions. I defer to the Zyxel Team members and other Pro users who may have used solutions like that to get suggestions of how SSO is handled by Zyxel.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @bav

    May we know if you intend to use the ATP500 as the AP controller to manage the Zyxel APs and allow WiFi clients to join the organization's domain? Thank you.


    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • bav
    bav Posts: 20  Freshman Member
    First Comment
    edited April 22

    Yes! APC is on the ATP500 and all users should get auhtentication via ATP against the AD

    There are some auth methods available: AD, LDAP,RADIUS.

    So, I would like to know would it be possible to have AD(users in Security group) direct authorization without any proxies like Radius and so on?

    I have seen a lot of examples where radius (NPS) is taking part in AD authentication. But would it be possible to get rid off the Radius?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,584  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
    Answer ✓

    Hi @bav ,

    APC-managed AP mode does not support direct computer domain authentication to the AD server without the use of RADIUS.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community

  • bav
    bav Posts: 20  Freshman Member
    First Comment

    Thanks for reply!

    It is clear now!

    So, just user authentication in AD available without Radius deployed?

  • Zyxel_Judy
    Zyxel_Judy Posts: 1,584  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @bav ,

    Currently, Zyxel APs do not support AD authentication natively. If you need to use AD, we recommend setting it up through a NPS that communicates with the AD server.

    We are pleased to inform you that AD authentication is on our feature development roadmap. For updates and enhancements, please follow our Wireless News & Release.

    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP!

    https://bit.ly/2024_Survey_Community