I have a small network with sg-5100 as firewall, nas (and AD DS - won’t be different than what Synology are using) - QNAP, and Unifi AP-Nano HD.
I was watching Tom’s movies, and did lot of research but still cannot get the concept of how can I force the wireless users to login using AD DC’ credentials.
Can you please give a hand with suggestions, materials, links perhaps.
Thanks, and Best,
I have not done this myself, but my understanding is you need a RADIUS server, which the AP contacts. The RADIUS server then needs to check AD.
Thank you @brwainer
The question is how this is done. QNAP has RADIUS Server but it doesn’t support AD authentication.
So I guess I need to create the RADIUS on pfSense, but how to integrate it with the AD ?
I see in Unifi - Settings - Profile - Radius I can create a Radius account but again, how all of this possibly will be integrated with the AD ?
The major settings must be done into the firewall I guess ?
I just found this one
on Jim Pingle’s Monthly Hangout - RADIUS and LDAP on pfSense 2.4
I guess it concludes the discussion - I hope I am wrong
You say you have AD DC - is this actually running on a Windows server? If so you can install the “Network Policy and Access Services” which includes a RADIUS server that is directly integrated into AD.
Thank you for your response @brwainer.
The AD is on QNAP that is Debian- based so not all functionalities are there I guess.
The QNAP can also run a RADIUS server, looks like it uses the local users, but maybe the users you created “in AD” on the QNAP can be used for RADIUS?
And if you can’t, at least you would have all your user admin in one place, on the QNAP.
Thank you very much for the link @brwainer !
I will test it tomorrow and revert back to you.
It worked @brwainer !
It doesn’t use AD but still is additional layer of protection.
Thank you for your help !