Configure Active Directory Authentication for Wireless Network Access (SSID)

There are two ways to enable Microsoft AD Authentication to authenticate wireless users with EnGenius Cloud.

• Enable Security Type WPA2/WPA3-Enterprise with AD Authentication.

• Enable Captive Portal for user authentication with Active Directory Server.

Setup Microsoft Active Directory Server

The steps below show only the important settings. Please refer to Microsoft documentation and support for assistance.

To get started:

• Select the Active Directory Domain Services role to promote a domain controller in the Server Roles steps.

• Configure Access Permission for verifying user credentials

  • To specify which organization units and groups EnGenius AP can access to verify the user’s credentials.

  • refer to https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts​

  ​

• Create Firewall rules which are needed for AP to join domain and authentication (ref: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts)

  • 88/TCP/UDP Kerberos

  • 389/TCP/UDP LDAP

  • 445/TCP SMB

• Note: Microsoft Active Directory server needs to be located in the same VLAN subnet as AP’s management VLAN interface. Even though the SSID enables VLAN, AP still sends SMBv1 packets to communicate with the Active Directory server via AP’s management VLAN interface.

WPA2/WPA3-Enterprise with Active Directory Server

Login to EnGenius Cloud ( https://cloud.engenius.ai ) and click the (hamxxxx) icon to select the Network for configuration.

To get started:

• Go to Configure > SSID and select a specific SSID name from the list

• From the Wireless tab, select WPA2 Enterprise for Security Type

• Select Active Directory for user authentication

• Click Add a server and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.

• Click the Apply button to save SSID configurations.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

Captive Portal Authentication with Active Directory Server

Login to EnGenius Cloud ( https://cloud.engenius.ai ) and click the (hamxxxx) icon to select the Network for configuration.

To get started:

• To get started: Go to Configure > SSID and select a specific SSID name from the list.

• From the Wireless tab, set the Security Type to Open.

• Enable Captive Portal from the Captive Portal tab.

• Select Active Directory for Authentication Type

• Click Add a server and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.

• Click the Apply button to save SSID configurations. Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.