Integrating Active Directory with Meraki Firewall MX64

Nadim

Hi,

I followed the Meraki documentation in order to integrate the MX with my local Active Directory. I created an SSL certificate and did an ldp test, which is successful whenever I use port 636 with SSL checked/enabled.

I was able to add AD under Security & SD-WAN, where the connection was successful, and when I refresh, the LDAP groups appear (as created in my AD, i.e. Restricted Access Group, Internet Medium and Internet Full).

However, I have 2 issues:

1- Clients within their groups (assigned in AD) aren't subject to any group policy from the Meraki MX side.

2- APs (when trying to enable the splash page) fail to connect (tried both LDAP and Active Directory); it gives error 249 (even though I am using the same username and password as in step 1 mentioned above).

[three screenshots attached to the original post]

PhilipDAth

Port 3268 is only available on global catalogue servers. If you have a single AD controller, it must already be a global catalogue server.

Do you have only 1 AD controller?

Nadim

Yes, only one Active Directory server is currently running, with global catalogue server enabled as well.

PhilipDAth

Also, the SSL certificate you created was for the FQDN of the AD controller you are talking to?

Nadim

And the SSL certificate generated is identical to the FQDN of the Active Directory server. I tried the ldp.exe tool; it connects to both my IP address and FQDN using port 636 and SSL.
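The two things checked in this exchange, that the controller answers on the ports the MX uses (636 for LDAPS and 3268 for the global catalogue) and that the certificate it presents on 636 actually carries the FQDN the MX is configured with, can be verified from any domain-joined Windows host. The script below is an added example written for this page; it is not from the thread, from Meraki, or from Microsoft documentation. The FQDN `dc01.example.local` and the port list are placeholder assumptions; substitute your own controller.

```powershell
# Added example (not from the original thread): probe the LDAP ports an MX/MR
# may use and compare the LDAPS certificate names against the configured FQDN.
# $DcFqdn is a placeholder assumption; replace it with your controller's name.
param(
    [string]$DcFqdn = "dc01.example.local",
    [int[]]$Ports  = @(389, 636, 3268, 3269)   # LDAP, LDAPS, GC, GC over SSL
)

# 1. TCP reachability of each port. 3268/3269 only answer on a global catalogue.
foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $DcFqdn -Port $p -WarningAction SilentlyContinue
    "{0}:{1} -> {2}" -f $DcFqdn, $p, $(if ($r.TcpTestSucceeded) { "open" } else { "closed" })
}

# 2. Fetch the certificate offered on 636. The validation callback returns $true
#    on purpose so we can inspect a self-signed or internal-CA certificate
#    instead of failing the handshake; trust is checked by hand below.
$client = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
$ssl    = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
$ssl.AuthenticateAsClient($DcFqdn)
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $client.Close()

"Subject : " + $cert.Subject
"Issuer  : " + $cert.Issuer
"Expires : " + $cert.NotAfter

# 3. The name the MX dials must appear in the CN or, preferably, the SAN list.
$san     = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq "Subject Alternative Name" }
$sanText = if ($san) { $san.Format($true) } else { "(none)" }
"SAN     : " + $sanText.Trim()

$inCn  = $cert.Subject -match [regex]::Escape("CN=$DcFqdn")
$inSan = $sanText -match [regex]::Escape($DcFqdn)
if ($inCn -or $inSan) {
    "OK: certificate names include $DcFqdn"
} else {
    "WARN: $DcFqdn is not in the CN or SAN; an LDAPS client that validates names will reject it"
}
if ($cert.NotAfter -lt (Get-Date)) { "WARN: certificate has expired" }
```

Run it with the real controller name; a closed 3268/3269 means the host is not a global catalogue, and a name mismatch in the last check is the usual reason a client that does validate the certificate fails where ldp.exe (which lets you proceed anyway) succeeds.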

Nadim

To clarify how my network works: I have 2 Meraki MX64s (warm spare enabled) connected to two MS switches, each used for a certain VLAN (attached image), meaning that I have one switch used for VLAN x.x and another for VLAN xx.x to separate LAN from WLAN. I can see that under Security & SD-WAN -> Addressing & VLANs I have no group policy assigned to those VLANs. However, if I assign a policy, this will negate the role of my AD in assigning users to their groups, meaning that all users on VLAN x.x will have that group policy applied (everyone on this VLAN without exception).

[network diagram attached]