Skip to main content

11 Messages

 • 

270 Points

Mon, Apr 4, 2016 10:59 AM

VSZ - Active Directory and Default Group Attribute Value

Hello,

I am just wondering if anyone has got their VSZ setup with a WLAN that users log into the web authentication using accounts from Active Directory. 

I had this set up p[perfectly with the ZoneDirector but can't seem to get it to work with the VSZ. 

The Admin Guide i have says I can set the default Group Attribute Value when configuring the Roles, but that option is not there. The option is there how ever when I configure a Proxy AAA, but when testing, the results return Primary server success but do not list the group (which I've read it should). When logging into the WLAN I can an Invalid username or password message.

Has anyone got this kind of setup working. I have a case open, just looking to see if people have the same issue.

Thanks.

Responses

11 Messages

 • 

226 Points

5 years ago

David, I've had the same problem. you'll see the case I brought about a year agoi;I tried everything you did and still had no success. It's a problem that Ruckus know about but have not come up with a solution yet. 
It's pretty urgent I would feel because a basic feature like this needs to be available to quite a lot of companies/organisations. Hopefully we'l get a solution sooner rather than later

11 Messages

 • 

270 Points

5 years ago

I had to guys remoted in all of Monday trying to setup NPS and RADIUS as a work around but no joy yet. I need to get this working by Monday or else I'm going to have to stick with the Zonedirector, which means sitting on 53 brand new APs and carrying on using 802.11b/g :(

11 Messages

 • 

270 Points

5 years ago

Well we got somewhere today. We were able to log in with AD users, but unfortunately any AD users. We were not able to limit it based on AD groups and vSZ Roles.

3 Messages

 • 

82 Points

4 years ago

I have one problem with the attributes.

I try to restrict the access to the one especifc wlan based on the RADIUS Group Atributes, but i does have susses. The users still have access to that wlan.

11 Messages

 • 

270 Points

4 years ago

This could be down to two issues, a) Either your group attributes arent working and everyone is getting the role of "default" and has access to all WLANs or b) In the vsz you have to select one of the wlans when selecting which wlans a role can use where as you didnt have to select one in the zone director software.

30 Messages

 • 

454 Points

4 years ago

I'd be interested to see if this and been resolved as i'm having the exact same problem. I have a vSZ and 22 R510 APs sat waiting to replace a 1100 controller and 20 7363 APs but the 1100 just works and i feel that i've laid out a load of money to go backwards on functionality. Here's my thread with what we have at the moment https://forums.ruckuswireless.com/ruckuswireless/topics/vsz-3-5-roles-with-web-auth-limit-ad-groups-...

Why cant Ruckus just keep features in that are actually useful!

11 Messages

 • 

270 Points

4 years ago

It was ment to be resolved with a firmware update that was ment to come out at the end of Feburary according to the person at ruckus thats looking after the case for me. I haven't heard from him since december but you have reminded me to get incontact and get an update!

30 Messages

 • 

454 Points

Did you manage to get an update from Ruckus?

30 Messages

 • 

454 Points

4 years ago

Ha, false promises, that's a good start. 

Would you be able to update this thread when you've heard back, i'm keen to get my setup in next week / week after as that's a maintenance window for us otherwise it's going to be the end of May.

11 Messages

 • 

270 Points

4 years ago

Good news, the new firmware was released a few weeks ago. I haven't got my hands on it yet so can't comment on it.

If you have a login for the ruckus support site it's up for download.

30 Messages

 • 

454 Points

I've got 3.5.0.0.808 which is showing on the downloads page however this hasn't addressed the issue with AD groups and roles meaning AD groups are still not supported in this release.

11 Messages

 • 

270 Points

4 years ago

Well that's not what I wanted to hear. I haven't even fired up the vSZ in about forever so have to get it on there and see. Can you see any changes in it?

30 Messages

 • 

454 Points

4 years ago

I was on 3.4 before 3.5 - 3.5.0.0.808 came out a week or so after i purchased the vSZ.

3.5 has a completely different look and feel to it, my upgrade took a couple of hours to complete however it does seem a lot quicker.

I've asked my reseller to look into the AD problem too but they came back with creating a rule and force them on to a specific VLAN, this is not what i want to do, i'm wanting to stop a specific group in AD from being able to connect to a SSID.

Here are 2 screenshots of 3.5 - the login screen and the home page which can be customised.



11 Messages

 • 

270 Points

4 years ago

Do you have your smartzone and zonedirector up at the same time, is it safe to do that?

30 Messages

 • 

454 Points

4 years ago

I cannot retire the smartzone yet until ruckus bring about the AD group feature. The smartzone has 20 7363s connected to it which is live.

I've got the vSZ setup with 22 R510s sat in a box waiting to be swapped out. Once Ruckus release the AD groups feature, then i'll setup the vSZ to the same configuration as the 1100 and swap the 7363s with the R510s. The R510s will detect with vSZ automatically and set them selves up.

It's been tested and the system is pretty much waiting to go but Ruckus will not release the AD groups feature to the vSZ. It feels like ive spent a small fortune on a white elephant!

3 Messages

 • 

90 Points

3 years ago

Hello,
someone know if the AD Groups feature is released or not?

11 Messages

 • 

270 Points

3 years ago

Hello All,

Just to update, we now have the VSZ up and running, but not using the AD groups feature. We've switched to using a RADIUS server through our smoothwall.

For all those waiting on the AD groups feature, it is now included in the software, version 3.5.1.0.296 is what I'm running, it's the last option when you configure a AAA server.

On the downside though they have removed the section under roles where you can limit a role to  individual WLANS, this screen on the ZoneDirector. So kind of give with one hand, take away with the other. There must be a way to replicate with with traffic profile mapping but I haven't looked at that.