AD Radius based on user groups

  • Updated 2 years ago
I have a group of 2 AP130s acting as RADIUS server and authenticating against AD. Working so far.

I want to allow access only to users in a specific AD group (like "wlan_allowed") while refusing others. A workaround could be putting non-allowed users in a blackhole VLAN while putting legit users in the real VLAN.

I have seen some examples for HMOL, but couldn't figure this out in HMNG.

Is this already possible at all?

Foxi352

Posted 3 years ago

pstejskal

Have you figured this out? I am trying to do something similar. I want students to get put in VLAN 5 and staff in VLAN 4. I am using a Windows NPS (RADIUS) server and can't figure out how to 1. get the attributes for the group returned by RADIUS, and 2. set up HMOL to use the AD group membership to set the profile and VLAN.

mag007

I assume you have created separate user profiles for Student and Staff in HiveManager. You will need your RADIUS server to return an attribute that will match the User Profile attribute. In your user profile, you assign the VLAN that you need to use for that group of users. On your RADIUS server (NPS) you will need to create separate policies for staff and students. I assume you have AD groups for Students and Staff. You use the student group as a match condition for the student policy and the staff group for the staff policy.

Hope that helps.