Meraki

Community

how to set up splash page AD authentication based on AD group membership

Solved
KBLatColonial
Here to help
‎Aug 31 2022 2:32 PM
‎Aug 31 2022 2:32 PM

how to set up splash page AD authentication based on AD group membership

I want to use AD authentication in the Splash page, but want to limit the access to a specific AD group rather that the cumbersome AD scoping mentioned in the documentation.

How can that be accomplished?

 

I can use LDAP in the Splash page if that is what needs to happen to do what I want.

 

TIA for any responses/suggestions

Labels:
0 Kudos
1 Accepted Solution
In response to KBLatColonial
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 1 2022 12:40 PM
‎Sep 1 2022 12:40 PM

Well unfortunately It's not possible, you need a Radius server to use a specific group on Meraki SSID. On WLC AireOS you can set a specific group when LDAP is used but on Meraki no way.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 1 2022 11:34 AM
‎Sep 1 2022 11:34 AM

Do you have a radius server installed? If yes, you can create a policy and specify what group can log in on a specific Wlan.

 

https://blog.matrixpost.net/set-up-a-radius-server-on-windows-server-2019-for-802-1x-wireless-connec...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
KBLatColonial
Here to help
‎Sep 1 2022 12:30 PM
‎Sep 1 2022 12:30 PM

Hi, thanks for the response!  while we do have a radius server, I'd prefer the simpler solution of AD, or LDAP, even.  if I can't make that work, I'll give the Radius thing a try

 

thanks,

Kim

0 Kudos
In response to KBLatColonial
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 1 2022 12:40 PM
‎Sep 1 2022 12:40 PM

Well unfortunately It's not possible, you need a Radius server to use a specific group on Meraki SSID. On WLC AireOS you can set a specific group when LDAP is used but on Meraki no way.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Sep 1 2022 12:46 PM
‎Sep 1 2022 12:46 PM

@KBLatColonial look at this article:

 

https://documentation.meraki.com/MR/Encryption_and_Authentication/External_Identity_Sources

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
KBLatColonial
Here to help
‎Sep 1 2022 12:55 PM
‎Sep 1 2022 12:55 PM

I really appreiciate you taking time to share your experience and advice!  I've already skimmed your first link, and I'm checking out the one from Meraki now.   

 

According to the Meraki docs, there's a way to scope AD to only allow authentication from a particular OU, but that's not a very practical method when you'd have to set a "deny" for the admin account on all the OUs except the one you're using.  We have way too many OUs for that to work...

 

thanks again for your time and effort!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.