I want to use AD authentication in the Splash page, but want to limit the access to a specific AD group rather that the cumbersome AD scoping mentioned in the documentation.
How can that be accomplished?
I can use LDAP in the Splash page if that is what needs to happen to do what I want.
TIA for any responses/suggestions
Solved! Go to solution.
Well unfortunately It's not possible, you need a Radius server to use a specific group on Meraki SSID. On WLC AireOS you can set a specific group when LDAP is used but on Meraki no way.
Do you have a radius server installed? If yes, you can create a policy and specify what group can log in on a specific Wlan.
Hi, thanks for the response! while we do have a radius server, I'd prefer the simpler solution of AD, or LDAP, even. if I can't make that work, I'll give the Radius thing a try
thanks,
Kim
Well unfortunately It's not possible, you need a Radius server to use a specific group on Meraki SSID. On WLC AireOS you can set a specific group when LDAP is used but on Meraki no way.
@KBLatColonial look at this article:
https://documentation.meraki.com/MR/Encryption_and_Authentication/External_Identity_Sources
I really appreiciate you taking time to share your experience and advice! I've already skimmed your first link, and I'm checking out the one from Meraki now.
According to the Meraki docs, there's a way to scope AD to only allow authentication from a particular OU, but that's not a very practical method when you'd have to set a "deny" for the admin account on all the OUs except the one you're using. We have way too many OUs for that to work...
thanks again for your time and effort!