https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473710#M293322 <P>By AD Authentication do you mean 802.1x Radius? If so then it does look like you could have that selected for Network Access section and the spash 'Click-Through' is served by the Meraki servers so no certificate needed. <SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 815px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/268521iF09D5439E49613CE/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P> Tue, 13 Feb 2018 16:05:18 GMT simple818 2018-02-13T16:05:18Z https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473709#M293321 <P>I see in the documentation that a MR33 wireless AP can use AD authentication and a "splash-page" sign on option.</P><P>Does this require that a certificate be installed on the Meraki AP? One that is valid on a public / commercial level, so that it doesn't throw up errors when users see it? Or is that not an issue?</P> Tue, 13 Feb 2018 15:58:51 GMT https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473709#M293321 Colin Higgins 2018-02-13T15:58:51Z https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473710#M293322 <P>By AD Authentication do you mean 802.1x Radius? If so then it does look like you could have that selected for Network Access section and the spash 'Click-Through' is served by the Meraki servers so no certificate needed. <SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture.PNG" style="width: 815px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/268521iF09D5439E49613CE/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P> Tue, 13 Feb 2018 16:05:18 GMT https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473710#M293322 simple818 2018-02-13T16:05:18Z https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473711#M293323 <P>Actually, I was think of this</P><P><A href="https://documentation.meraki.com/MR/Splash_Page/Integrating_Active_Directory_with_Sign-On_Splash_Page" target="_blank" rel="nofollow noopener noreferrer">https://documentation.meraki.com/MR/Splash_Page/Integrating_Active_Directory_with_Sign-On_Splash_Page</A></P><P>unless that requires the MX appliance</P> Tue, 13 Feb 2018 16:52:49 GMT https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473711#M293323 Colin Higgins 2018-02-13T16:52:49Z https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473712#M293324 <P>You can do this in a few different ways. You can do 802.1x which can be implemented using AD.</P><P>Or, you can use splash page sign on with AD authentication. You will need to have a certificate on your server so the AP can validate against it when logging users on. The certificate can be self-signed but it is not recommended.</P> Tue, 13 Feb 2018 16:53:15 GMT https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473712#M293324 CMetsch 2018-02-13T16:53:15Z https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473713#M293325 <P>The AD server will have a certificate (self-signed), but I was wondering about the page that actually gets served up to the wireless clients.</P><P>That comes from the Meraki AP correct? I just wanted to make sure they didn't get certificate warnings/errors from it</P> Tue, 13 Feb 2018 17:10:01 GMT https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473713#M293325 Colin Higgins 2018-02-13T17:10:01Z https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473714#M293326 <P>The web page comes from the cloud and should not throw a certificate error The certificate you install on your AD is to validate itself against the AP, when doing logins, not for serving web pages.</P> Tue, 13 Feb 2018 17:12:51 GMT https://community.cisco.com/t5/wireless/wireless-network-with-splash-page-ad-authentication/m-p/5473714#M293326 CMetsch 2018-02-13T17:12:51Z