Zonedirector to Active Directory Issues


 
Tim86 3 post(s)

Hello,

We are trying to connect a ZoneDirector to an Active Directory.

We did the main setup on the ZoneDirector (AAA servers).

name: (just a name for the connection)
type: active directory
IP: (the domain controller's IP)
Port: 389 (standard), and it's open on the server's firewall
Windows domain name: (server domain)

But we still aren’t able to connect to the network.
When we fill in a user name and password it shows:
Failed! Invalid username or password.

We can’t seem to find anything in the server logs.

Is there anything else that we need to configure to make it work
with the Active Directory?

Regards,
Tim

 
ajpmiami Administrator 131 post(s)

First, test that the Active Directory is responding by using the test feature on the bottom of the Configure::AAA Servers; choose the Active Directory profile and test a known login and password.

To use Active Directory for captive portal WEB authentication, choose Web Authentication and select the correct Active Directory profile from the Configure::WLAN page.

 
William Oh 3 post(s)

How can we unauthenticate after logging on using the web portal? Even if you restart your PC, it is still automatically authenticated after boot-up.

Regards,
William

 
Tim86 3 post(s)

We did use the test function on the ZoneDirector.
It fails with an error: Failed! Invalid username or password.

The connection doesn't time out.
Do we need to use some sort of bind?

Regards,
Tim

 
ajpmiami Administrator 131 post(s)

Check your configuration for Active Directory:
Verify that the IP address configured responds.
Verify that the port chosen is correct for your Active Directory and is not blocked; the default is 389.
Verify that the domain identifies the root of the AD tree.

Ruckus cannot authenticate users who are members of the AD primary group. Verify where in the AD tree the test client exists and test with a different client.

This is covered in the release notes available on this site:

5.1.12 For Active Directory, if a group is set as a “Primary Group”, ZoneDirector will be unable to
determine whether a client is a member of that group or not (ID 9137).
If an Active Directory server is configured as the authentication server for Web Portal
based WLAN authentication and a client belongs to an AD group that is marked as a
“Primary Group”, ZoneDirector will not be able to detect whether the client is a member of
that group.
Workaround: Avoid setting the AD group as the “Primary Group”.

 
Will Dunlap 2 post(s)

Tim,

It sounds as though you have not configured your “Roles”. You will need to ensure that the “Group Attribute” matches the domain security group you wish to use. ajpmiami is correct in that you cannot specify the Primary group as the group attribute since AD tokenizes that elsewhere and not in the “Member of..”. I typically define new security groups for wireless access and administrative wireless access. Also, make sure that the “Default Role” has everything unchecked. The “Default Role” always applies and the only way to “disable” it is to uncheck all the options for it.