Active Directory has become the industry standard authentication server for most enterprise network deployments today. Meraki cloud-managed APs have always been able to integrate with Active Directory using RADIUS, by enabling Microsoft Network Policy Server (or Internet Authentication Service, depending on which version of Windows Server you are running). This satisfies the needs of most enterprise deployments, and RADIUS can actually be used with Meraki to communicate with any type of authentication server that speaks RADIUS, including LDAP.
If your network does not require the additional configuration options provided by RADIUS integration, there are certain advantages to having the APs communicate directly with Active Directory, without a RADIUS server acting as intermediary. Using Meraki’s native AD integration eliminates the need to configure Microsoft NPS (or any other RADIUS server) for AD integration. RADIUS also complicates sign-on in multi-domain forests. Take, for example, a school using sign-on splash authentication that has one domain for faculty and another for students: users must remember to include their domain with their username, which can easily be forgotten. Alternatively, a complex hierarchy of RADIUS proxy servers or custom scripts might be required to make the login process easier for the user. These steps aren’t necessary when using native AD.
With our latest firmware upgrade (being rolled out to Enterprise customer networks now), Meraki wireless networks now feature native Active Directory and LDAP integration with Sign-On Splash. It’s incredibly easy to deploy. When the network sign-on method is configured as Sign-on splash page on the Configure -> Access Control page, you will now see two new options under the Authentication Server drop-down selector, “Use my LDAP server” and “Use my Active Directory server”. If you don’t see these options, then you have not yet been upgraded to our most recent firmware version, so keep an eye out for a Dashboard notice about a pending firmware upgrade in the next 1-2 weeks and then give it a try.
To enable native Active Directory authentication, select “Use my Active Directory server”, and then add the IP addresses of each domain controller in the forest, along with administrator credentials that have administrative access to each domain listed.