NPS, Roles and VLAN Configuration
I am currently implementing a method for our users to connect to a specific SSID using a Hotspot Provisioning SSID which downloads the Zero IT configuration installer and connects them to the appropriate network based on their AD group membership.
As it stands I have configured Ruckus, setup the SSIDs, setup the roles and responses, setup NPS with matching responses (via the Vendor ID) for the roles and added users to groups for testing.
So, users connect to the Provisioning SSID, are prompted for credentials which they enter, receive either an executable file or a profile for iOS users and are then connected to the appropriate SSID and VLAN based on AD and the response from NPS.
The issue is that whilst some users receive the correct SSID configuration based on their group membership, others receive all three SSID configurations.
For example, I am a member of Staff in AD and get only the Staff SSID during the configuration process, and the correct VLAN and therefore filtering. Whereas a test Student, who is a member of Student in AD, receives configuration profiles for Staff, Student and SixthForm SSIDs. Another test student, with only the Student group in AD, receives configuration profiles for Staff and SixthForm but NOT Student.
The process is not consistent.
When I test the configuration under AAA Servers, I get the correct group responses from NPS for all three accounts, suggesting they would only receive the one configuration profile.
I am at a loss to explain or understand this. Can anyone help me identify where I might be going wrong here?