how to set up splash page AD authentication based on AD group membership

KBLatColonial

I want to use AD authentication in the Splash page, but want to limit the access to a specific AD group rather than the cumbersome AD scoping mentioned in the documentation.

How can that be accomplished?

I can use LDAP in the Splash page if that is what needs to happen to do what I want.

TIA for any responses/suggestions

1 Accepted Solution
alemabrahao

Well, unfortunately it's not possible; you need a RADIUS server to use a specific group on a Meraki SSID. On WLC AireOS you can set a specific group when LDAP is used, but on Meraki, no way.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

alemabrahao

Do you have a RADIUS server installed? If yes, you can create a policy and specify what group can log in on a specific WLAN.

https://blog.matrixpost.net/set-up-a-radius-server-on-windows-server-2019-for-802-1x-wireless-connec...

KBLatColonial

Hi, thanks for the response! While we do have a RADIUS server, I'd prefer the simpler solution of AD, or LDAP, even. If I can't make that work, I'll give the RADIUS thing a try.

thanks,

Kim

alemabrahao

@KBLatColonial look at this article:

https://documentation.meraki.com/MR/Encryption_and_Authentication/External_Identity_Sources

KBLatColonial

I really appreciate you taking time to share your experience and advice! I've already skimmed your first link, and I'm checking out the one from Meraki now.

According to the Meraki docs, there's a way to scope AD to only allow authentication from a particular OU, but that's not a very practical method when you'd have to set a "deny" for the admin account on all the OUs except the one you're using. We have way too many OUs for that to work...

Thanks again for your time and effort!
