LogoLogo
  • EnGenius Cloud Technology
  • EnGenius Cloud Services DataCenters
  • LLDP-MED
  • Presence Service
  • Captive Portal
    • Integrate with External Splash Page
      • Click-through
      • Sign-on Splash
      • Error Message
  • Zero-wait DFS
  • Security Access Points
    • Wireless Network Security Issues
    • Denial of Service and EnGenius Solution
    • Data Breach, Passcode Cracking, and the EnGenius Solution
    • EnGenius Solution and Benefits
  • AirGuard
    • Rogue AP
    • Rules and Classifications
    • Evil Twin
    • Malicious Attacks
    • RF Jamming
  • Fast Handover RSSI Thresholds
  • Authentication with Google Secure LDAP Server
    • Configure Google LDAP Authentication for Wireless Networks Access
    • Appendix
    • Troubleshooting
  • Authentication with Microsoft Active Directory (AD) Server for Wireless Users
    • Configure Active Directory Authentication for Wireless Network Access (SSID)
    • Behavior to Authenticate Users with Microsoft AD Server
    • Appendix
    • Troubleshooting
  • Configure SAML SSO with ADFS
  • Authentication with Microsoft Entra ID LDAP Server
Powered by GitBook
On this page
  • Setup Microsoft Active Directory Server
  • WPA2/WPA3-Enterprise with Active Directory Server
  • Captive Portal Authentication with Active Directory Server

Was this helpful?

Export as PDF
  1. Authentication with Microsoft Active Directory (AD) Server for Wireless Users

Configure Active Directory Authentication for Wireless Network Access (SSID)

Last updated 3 months ago

Was this helpful?

There are two ways to enable Microsoft AD Authentication to authenticate wireless users with EnGenius Cloud.

  • Enable Security Type WPA2/WPA3-Enterprise with AD Authentication.

  • Enable Captive Portal for user authentication with Active Directory Server.

Setup Microsoft Active Directory Server

The steps below show only the important settings. Please refer to Microsoft documentation and support for assistance.

To get started:

  • Select the Active Directory Domain Services role to promote a domain controller in the Server Roles steps.

​Figure01 -- Select Server Roles
  • Configure Access Permission for verifying user credentials

    • To specify which organization units and groups EnGenius AP can access to verify the user’s credentials.

    ​

    • 88/TCP/UDP Kerberos

    • 389/TCP/UDP LDAP

    • 445/TCP SMB

  • Note: Microsoft Active Directory server needs to be located in the same VLAN subnet as AP’s management VLAN interface. Even though the SSID enables VLAN, AP still sends SMBv1 packets to communicate with the Active Directory server via AP’s management VLAN interface.

WPA2/WPA3-Enterprise with Active Directory Server

To get started:

  • Go to Configure > SSID and select a specific SSID name from the list

  • From the Wireless tab, select WPA2 Enterprise for Security Type

  • Select Active Directory for user authentication

  • Click Add a server and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.

  • Click the Apply button to save SSID configurations.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

Captive Portal Authentication with Active Directory Server

To get started:

  • To get started: Go to Configure > SSID and select a specific SSID name from the list.

  • From the Wireless tab, set the Security Type to Open.

  • Enable Captive Portal from the Captive Portal tab.

  • Select Active Directory for Authentication Type

  • Click Add a server and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.

  • Click the Apply button to save SSID configurations. Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

Note: Authentication with Active Directory is a feature in Pro Plan, and it requires a PRO license to enable it.

refer to ​

Create Firewall rules which are needed for AP to join domain and authentication (ref: )

Login to EnGenius Cloud ( ) and click the (hamxxxx) icon to select the Network for configuration.

Login to EnGenius Cloud ( ) and click the (hamxxxx) icon to select the Network for configuration.

https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://cloud.engenius.ai
https://cloud.engenius.ai
Figure02 -- Enable AD Authentication with WPA2/WPA3
Figure03 -- SSID list
Figure04 -- Set the wireless security type
Figure05 -- Enable AD Authentication with Captive Portal