We have few ‘XV2-2 - SCBENR-AP Wi-Fi 6 Access Point’ which are managed by cnMaestro. I want to create a new SSID where user will redirect to a web page, and they will need to log in with their active directory user and password. they will get internet only when the credentials match.
is there any full guide to do this? Thanks.
ave few ‘XV2-2
Curious to know why the guest user’s database is in LDAP. Is there any specific reason for this?
@Anandakrishnan , it is for office employees only. Not for guest.
March 15, 2023, 11:29am
I am not aware of the possibilty to create a “splash-page” with RADIUS authentication.
There is the possibilty to use 802.1x and promtp users to type in their AD credentials when connecting to the SSID. If authentication is rejected you will not be able to connect to the SSID at all.
This is done using a Windows NPS server, see guide below:
cnPilot APs do not provide any option to authenticate wireless users directly with Windows Active Directory server. We can make it happen through the Windows NPS policy. The solution work flow involves following steps:
1. Configure Windows AD
2. Configure NPS Policy
3. Integrate NPS with Windows AD
4. On cnPilot AP SSID configure external AAA pointing to NPS server
5. Wireless clients shall be configured with WPA2-Enterprise authentication, the EAP method can be one of the below support…
Edit: This applies to cnPilot AP’s, I see now that you have Xirrus AP’s. Not sure if the same applies for Xirrus.
Would the LDAP access policy not do what you desire? Just loads a logon page and once configure to point to one of your ldap servers with a low privileged user just validate credentials.
March 23, 2023, 4:51am
LDAP mode of authentication is supported in 4.x software version but not in 6.x software version.
So this feature is EOL?
Still works on v6.5.1-r11 controlled via cnMaestro.