How to configure and use Realm in cnPilot E Series Enterprise APs and cnMaestro?

Realm Configuration on E-Series/cnMaestro.

Introduction:

When WPA2-Enterprise/802.1x is used to authenticate wireless clients, users can authenticate with credentials that include or omit a realm. This document explains how to authenticate clients using a username with a realm.

What is Realm?

A realm is commonly appended to a user's user name and delimited with an '@' sign, resembling an email address domain name. This is known as postfix notation for the realm. Another common usage is prefix notation, which involves prepending the realm to the username and using '\' as a delimiter.
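The two notations described above can be split programmatically as shown in this added example, which is not Cambium or Microsoft code. The function and exception names are hypothetical, the sample identities are constructed, and case-insensitive realm comparison is an assumption based on realms being DNS-style names.

```python
# Added example: split a RADIUS User-Name into (username, realm).
# split_identity, realm_matches and RealmError are hypothetical names,
# not part of any cnPilot, cnMaestro or NPS API.

class RealmError(ValueError):
    """Raised when an identity cannot be split unambiguously."""


def split_identity(identity):
    """Return (username, realm); realm is None when no realm is present.

    Postfix notation (user@realm) is split on the last '@'.
    Prefix notation (realm, backslash, user) is split on the first backslash.
    """
    identity = identity.strip()
    has_prefix = "\\" in identity
    has_postfix = "@" in identity
    if has_prefix and has_postfix:
        # Two realms are claimed at once, so refuse to guess which one applies.
        raise RealmError("both prefix and postfix realm present")
    if has_prefix:
        realm, user = identity.split("\\", 1)
    elif has_postfix:
        user, realm = identity.rsplit("@", 1)
    else:
        user, realm = identity, None
    if not user or realm == "":
        raise RealmError("empty username or realm")
    # Assumption: realms are DNS-style names, so normalise them to lower case.
    return user, realm.lower() if realm is not None else None


def realm_matches(identity, configured_realm):
    """True only if the identity carries exactly the configured realm."""
    try:
        _, realm = split_identity(identity)
    except RealmError:
        return False
    return realm is not None and realm == configured_realm.lower()


if __name__ == "__main__":
    # Constructed sample identities; example.local is the realm used on this page.
    for name in ("example@example.local", "EXAMPLE.LOCAL\\example",
                 "example", "a\\b@c", "@example.local"):
        print(repr(name), realm_matches(name, "example.local"))
```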

How to Get Realm from Windows RADIUS server?

  1. Remote Desktop to Windows RADIUS server 2012 R2.
  2. Search for Active Directory Users and Computers.

  3. Open Active Directory Users and Computers. The highlighted entry on the left side is your realm/domain name, e.g. (example.local/example.com). In this document, local is the realm name.

Create Users in Windows 2012 R2 RADIUS server:

  1. Active Directory Users and Computers -> Keep cursor on Users -> Right click -> New -> Users.

  2. Configure First Name -> User logon name.

  3. Click Next and configure Password.

  4. Click Next and Finish.

The user is created successfully. The user name is “example” and the password is “1234xyz”.

Create the RADIUS clients in Windows 2012 R2 RADIUS server

  1. To create the RADIUS clients in the Windows 2012 R2 RADIUS server, search for nps.msc.

  2. Click RADIUS clients -> Right click -> New -> Give the IP of the AP/cnMaestro (cnMaestro if proxying RADIUS packets through cnMaestro, instead of sending them directly from the AP to the RADIUS server, is enabled) and the Shared Secret key.

The AP/cnMaestro is now created as a RADIUS client in the Windows 2012 R2 server, with the shared secret “1234xyz”.

How to Configure WLAN profile with 802.1x and with realm?

  1. Open the AP UI using the AP’s IP address (192.168.0.x) -> Configure -> WLAN -> Add WLAN -> Basic -> Configure SSID -> Security as WPA2-Enterprise.

  2. Click RADIUS server -> Configure the RADIUS server IP address as Host -> Configure the Shared Secret that was configured on the RADIUS client page (in this example the shared secret is “1234xyz”) -> Configure Realm (in this example our realm name is example.local).

  3. Associate a mobile device with that WLAN profile -> The mobile device prompts for a username and password. Configure the user name as follows:

     <Username>@<Realm> or <Realm>\<Username>

     In this example the user name is example@example.local or example.local\example.

     Example 1: [image]

     Example 2: [image]