Active Directory as an authentication method in Aerohive Wireless Network

Hi everyone, can you tell me if it's possible for an Aerohive wireless controller like AH-HM-1U to use Active Directory as a method to authenticate users? Thanks a lot

Pedro Alatorre

Posted 2 years ago

Mike Kouri, Official Rep

It's not a controller, but the answer to your question is Yes.

Pedro Alatorre

Thanks Mike, but what is the difference between the AH-HM-1U and a wireless controller?

Mike Kouri, Official Rep

I am sure others here will gladly elaborate much more, but essentially, in most cases for controller-based systems when/if the access points lose contact with the controller then they either stop operations or have limited functionality. Aerohive access points operate as standalone devices with cooperative control protocols to coordinate their activity. Shut down and remove your on-premises HiveManager and they'll continue uninterrupted.

Nick Lowe, Official Rep

Flowing logically as a consequence from what Mike says, it is the APs that will bind to and query the directory NOT HiveManager. Does that clear things up?

Pedro Alatorre

Yes, now it's more clear for me.

Thanks a lot

Gary Babin

I'll add this bit -- while Aerohive APs can be used as a RADIUS server, there are limitations and gotchas waiting. Highly recommend you set up an Active Directory based RADIUS service with the APs acting as the middle man.

Nick Lowe, Official Rep

Having a RADIUS server in the AP firmware is a convenience feature, designed to meet the needs of smaller sites with typical use cases as it is one less separate thing to understand and manage. Users just have to bind to an appropriate directory and much of the complexity is masked.

The moment you fall outside those bounds, it's definitely better to run something dedicated for many reasons.