2

We set up a WiFi system in our school and currently we are using a single password to let teachers log in to the campus WiFi. Next semester we want to let kids log in to the WiFi for in-class activities.

We provide them with Office 365 accounts (free version for education) and it comes with Azure AD. Is there a way I can authenticate the students into WiFi using Azure AD? Do I need to add additional infrastructure? My WiFi controller (has a public IP) comes with an option for setting an LDAP server. Is there something I can do to make Azure AD work like an LDAP server? Being a non-profit we have limited resources, so please suggest an economical solution.

user899893

2 Answers

1

Azure Active Directory supports various authentication APIs and protocols, but LDAP isn't amongst them.

However, Azure AD Domain Services (currently in preview) will be able to help you here, because they allow you to treat the user database in Azure AD just like an actual AD domain, including joining machines to it and performing LDAP queries.

Some other info: https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-overview
http://azureblogger.com/2016/01/azure-ad-domain-services-and-ldap-enabled-application-for-cloud-only-tenants

Note: even if this works, it will probably be a lot trickier to set up and manage than simply running a real Windows Server DC.

Massimo
  • There will be some hidden costs as well with the VPN and/or ExpressRoute you would want to have configured in this scenario. If there is no local AD already (which is LDAP), they should consider maybe a pre-created virtual appliance (for example, https://www.turnkeylinux.org/openldap). – Jesus Shelby Jul 29 '16 at 18:56
  • Is it possible using SAML that is available with Gsite? Since both GSuite and O365 are free for education we can switch between these. If it is possible with SAML, are there any wireless controllers that support SAML without having a costly local server? Our school is currently using Cisco 2500 Series Wireless Controller, Cisco Catalyst 3650 24 Port Data 4x1G Uplink IP Base, Catalyst 2960-X 24 GigE and Cisco access points. Is there something I can add to enable SSO or LDAP compatibility? We don't have a local server now. – user899893 Nov 16 '18 at 08:55
0

This can be done if your router supports secure LDAP (LDAPS). I'm not sure if there is a cost for O365 education, but the virtual DNS servers required to get this Azure AD Domain Services working cost about $60/month.

mdr