EnGenius Cloud APs can use a Microsoft Active Directory (AD) server as a centralized authentication database for WPA2/WPA3-Enterprise or Captive Portal. Users may integrate WiFi access management with other controls such as device domains, credentials, and email accounts.
Before setting up Microsoft AD authentication for EnGenius Cloud APs, you must first enable SMB on the Microsoft Windows server (Windows 2000 Server or later edition).
Note:
ECW115/120/130 support SMBv1, others support SMBv2/v3.
Refer to Microsoft Learn for SMB-related configuration on Windows Server.
Configure Active Directory Authentication for Wireless Network Access (SSID)
There are two ways to enable Microsoft AD Authentication to authenticate wireless users with EnGenius Cloud.
Enable Security Type WPA2/WPA3-Enterprise with AD Authentication.
Enable Captive Portal for user authentication with Active Directory Server.
Setup Microsoft Active Directory Server
The steps below show only the settings essential for working with EnGenius APs. For other detailed settings, please refer to Microsoft documentation and the support center.
In the Server Roles step of the Add Roles and Features Wizard, select the Active Directory Domain Services role so that the server can be promoted to a domain controller.
Configure Access Permission for verifying user credentials
Specify which organizational units and groups the EnGenius AP can access to verify the user’s credentials. (Refer to Microsoft Learn for details.)
Create the firewall rules that the AP needs to join the domain and authenticate users. (Refer to Microsoft Learn for details.)
88/TCP/UDP Kerberos
389/TCP/UDP LDAP
445/TCP SMB
The Microsoft Active Directory server needs to be located in the same VLAN subnet as the AP’s management VLAN interface. Even if VLAN is enabled on the SSID, the AP still sends SMBv1 packets to the Active Directory server via the AP’s management VLAN interface.
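The firewall rules listed above, as an added example that is not taken from EnGenius or Microsoft documentation: it creates the inbound rules on the AD server and limits them to the AP management subnet, then prints the rules and the server's SMB dialect settings for review. The subnet 192.0.2.0/24 and the rule-name prefix are placeholder assumptions, and the cmdlets used require Windows Server 2012 or later.

```powershell
# Added example: run in an elevated PowerShell session on the AD server.
# ASSUMPTIONS (not from the page): $ApMgmtSubnet and $Prefix are placeholders.
$ApMgmtSubnet = '192.0.2.0/24'   # replace with the APs' management VLAN subnet
$Prefix       = 'EnGenius-AP'    # hypothetical rule-name prefix

# Ports listed on this page for domain join and authentication.
$Services = @(
    @{ Name = 'Kerberos'; Port = 88;  Protocols = @('TCP', 'UDP') },
    @{ Name = 'LDAP';     Port = 389; Protocols = @('TCP', 'UDP') },
    @{ Name = 'SMB';      Port = 445; Protocols = @('TCP') }
)

foreach ($svc in $Services) {
    foreach ($proto in $svc.Protocols) {
        $ruleName = "$Prefix-$($svc.Name)-$proto"
        # Idempotent: skip if a rule with this name already exists.
        if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
            Write-Host "Exists:  $ruleName"
            continue
        }
        # Allow the service only from the AP management subnet.
        New-NetFirewallRule -DisplayName $ruleName `
            -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort $svc.Port `
            -RemoteAddress $ApMgmtSubnet | Out-Null
        Write-Host "Created: $ruleName"
    }
}

# Review the result: each rule with its port and permitted source range.
Get-NetFirewallRule -DisplayName "$Prefix-*" | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Protocol = $port.Protocol
        Port     = $port.LocalPort
        Source   = $addr.RemoteAddress
    }
} | Format-Table -AutoSize

# SMB dialects enabled on this server; per the note above, only
# ECW115/120/130 need SMBv1, other models use SMBv2/v3.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```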
Add User and Group in Active Directory
This section adds an Active Directory group and user on Windows Server 2012 and assigns the user to that group.
Add a security group type
Click “Create a new group in the current container” and fill in the group name; set the group type to security group.
Refer to Link for Security Group Type
Add a user
Assign a user to the group
Find the user and click “Adds the selected objects to a group you specify”
Fill in the group name, then click OK
Confirm that the user is a member of the group
WPA2/WPA3-Enterprise with Active Directory Server
Login to EnGenius Cloud ( https://cloud.engenius.ai ) and select the Network for configuration.
To get started:
Go to Configure > SSID and select a specific SSID name from the list
From the Wireless tab, select WPA2 Enterprise or WPA3 Enterprise for Security Type
Select Active Directory for user authentication
Click Add a server and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.
Click Add a Group and enter the configuration (Group Name) for Security Group (optional)
Click the Apply button to save SSID configurations.
Captive Portal Authentication with Active Directory Server
Login to EnGenius Cloud ( https://cloud.engenius.ai ) and select the Network for configuration.
To get started:
Go to Configure > SSID and select a specific SSID name from the list.
From the Wireless tab, set the Security Type to Open
Enable Captive Portal from the Captive Portal tab
Select Active Directory for Authentication Type
Click Add a server and enter the configuration (Host, Port, Admin, and Password) for the Active Directory server.
Click Add a Group and enter the configuration (Group Name) for Security Group (optional)
Click the Apply button to save SSID configurations.








