We're evaluating a switch from Meraki to Ubiquiti and want to keep the AD user-based sign-on for employee devices (phones, tablets, etc.).
With Meraki it's dum-dum simple, no special attribs to send back or anything since the VLAN is assigned by the network config on their portal.
I think I've got the basics sorted, but does anyone have a good reference for doing this with Windows NPS before I start trying to re-invent the wheel?
Related question: Anyone have any thoughts on the merits of Ubiquiti vs Cambium Networks? They were suggested as another player to consider but I'd never heard of them before.
*** Clarification ***
RADIUS is working for corporate devices using WPA2 Enterprise / certificate-based access. It was just a matter of adding the AP as an authorized RADIUS client and the existing setup worked.
Things don't jibe when I try to have the hotspot portal authenticate against AD users via NPS / RADIUS. I've got it working with other scenarios (VPN authorization via our security appliances being the main one).
The guide that I found (http://www.sysadminlab.net/certificate_and_ca/configure-ubiquiti-wireless-ap-to-authenticate-users-using-ad-usernamepassword) has had some of its most relevant screenshots eaten by the monsters of the interwebs.
On the NPS side of things I'm seeing connection attempts coming from the server IP for the UniFi controller (and not the AP as the guide would have me expect). I see the logic in the request coming from the controller, and have added it as an authorized client, but can't get any farther than the following error:
An Access-Request message was received from RADIUS client X.X.X.X with a Message-Authenticator attribute that is not valid.
There's a post on the ubnt forums (https://community.ui.com/questions/802-1x-Message-Authenticator-attribute-that-is-not-valid/4fa44f43-483b-4c75-8e99-e42dc6d41aaa) but their only suggestions are with regards to ensuring that the shared secret is the same on both ends, and unless I've completely forgotten how to copy/paste, I've done everything reasonably possible there.