Security

Reply
Occasional Contributor I
Posts: 8
Registered: ‎03-26-2015

Controller Authentication against Windows NPS

i have multiple  SSID get authenticated against a Windows Active Directory acting as a Radius Server using NPS, how do i force the authentication for every SSID to be against one Active directory user group.

MVP
Posts: 702
Registered: ‎03-25-2009

Re: Controller Authentication against Windows NPS

Your NPS config should have 1 or more network policies.

In the applicable network policies you can add a condition "User Groups".  Any user not belonging to the User Group you configure there will fail that network policy and be denied access.

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Controller Authentication against Windows NPS

Hi,

 

You can meet your requirement by the following steps,

1. Configure VAP profile and Map SSID and AAA profile to VAP profile, how many SSIDs you want to broadcast those many VAP profiles are needed. all thse VAP profiles should have unique SSID profiles but you can map the same AAA profile to all the VAP profiles.

 

2. Create a RADIUS server ( Configuration-->Authentication-->Servers) and map this server to a server-group

3. map the server-group to the AAA profile which was mapped to the VAP profile.

 

The above steps will insists whole traffic of all SSIDS to the server configured and mapped to the server-group.

 

4. in NPS create a Remote access policy mapping to the user group with access policy, here we can configure any number of policies and the execution will be top to bottom. if the authenticating user do not belongs to any of the user group mapped in the policy will be denied.

 

For your ref :

IAS1.png

ias2.png

 

This requirement is very easy and flexible with CPPM. if you get a chance try with CPPM.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
Showing results for 
Search instead for 
Did you mean: