cnPilot APs do not provide an option to authenticate wireless users directly against a Windows Active Directory server. This can be achieved through a Windows NPS policy. The solution workflow involves the following steps:
1. Configure Windows AD
2. Configure NPS Policy
3. Integrate NPS with Windows AD
4. On the cnPilot AP SSID, configure external AAA pointing to the NPS server
5. Configure wireless clients with WPA2-Enterprise authentication. The EAP method can be one of the supported protocols below:
   1. EAP-PEAP (user name and password based authentication)
   2. EAP-TLS (certificate based authentication)
Configuration:
User & Group Configuration on Active Directory:
USER:
Group:
Add Group to the User:
Network Policy Server Configuration:
RADIUS Client:
Network Policies:
a) USER Group
b) NAS Port Type
c) Add required Authentication Methods
d) Select supported Encryption:
Configuration on cnMaestro:
Create a WLAN:
Map the NPS server IP with the correct shared secret, the same one used while creating the RADIUS Client on the NPS server.
Map the WLAN to the required AP Group.
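
The Active Directory and RADIUS Client steps above can also be scripted. The following is an added example, not part of the original article or Cambium's own tooling. It assumes the AP is the RADIUS client, that it runs in an elevated session on the NPS server with the ActiveDirectory and NPS modules installed, and all names and the IP address are placeholders. The network policy itself is still created in the NPS console as described above.

```powershell
#Requires -Modules ActiveDirectory, NPS
# Added example: every name and address below is a placeholder (assumption).
$GroupName = 'Wireless-Users'   # hypothetical AD security group for Wi-Fi users
$UserName  = 'wifi.user1'       # hypothetical test account
$ApName    = 'cnPilot-AP-01'    # hypothetical RADIUS client friendly name
$ApAddress = '192.0.2.10'       # documentation-range IP; use the AP's management IP

# Group that the NPS network policy condition "User Groups" will reference.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
}

# User account; the password is prompted for so it never appears in the script.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$UserName'")) {
    $Password = Read-Host -AsSecureString "Initial password for $UserName"
    New-ADUser -Name $UserName -SamAccountName $UserName `
               -AccountPassword $Password -Enabled $true
}

# Add the user to the group only if not already a member (re-adding raises an error).
$isMember = Get-ADGroupMember -Identity $GroupName |
            Where-Object { $_.SamAccountName -eq $UserName }
if (-not $isMember) {
    Add-ADGroupMember -Identity $GroupName -Members $UserName
}

# Generate a random 32-byte shared secret (64 hex characters) instead of a
# guessable phrase; the same value is entered in the cnMaestro WLAN AAA settings.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$Secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Register the AP as a RADIUS client on this NPS server.
New-NpsRadiusClient -Name $ApName -Address $ApAddress -SharedSecret $Secret | Out-Null

# Show the secret once so it can be copied into cnMaestro, then check the entry.
Write-Host "Shared secret for ${ApName}: $Secret"
Get-NpsRadiusClient | Where-Object { $_.Name -eq $ApName }
```

Use a separate RADIUS client entry and secret per AP where practical, so one exposed secret does not affect every AP.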