Meraki

Community

group policy on MX is not working after successful authentication on MR.

MohammadSabir
New here
‎Feb 20 2023 9:19 PM
‎Feb 20 2023 9:19 PM

group policy on MX is not working after successful authentication on MR.

Hi 

 

This is sabir and we are having meraki MX,MR and MS setup.

 

we are trying users should get different access for internet from MX after successful authentication with active directory on MR ssid.

 

we integrated our AD on MX, configured multiple group policies and users group mapped to group policy also but after successful users authentication on MR ssid group policy not getting mapped and users OU information is also not available.

 

MX is gateway for all vlan.

 

 

we used below link for configuration.

 

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...

 

 

need your help to resolved this issue.

 

Thanks

0 Kudos
5 Replies 5
Frank-NL
Getting noticed
‎Feb 21 2023 12:49 AM
‎Feb 21 2023 12:49 AM

Hi, could it be the users/clients were already connected before the group policies were applied?

To check this, force 'forget' a client from the monitor->client page and reconnect

0 Kudos
In response to Frank-NL
MohammadSabir
New here
‎Feb 21 2023 8:50 PM
‎Feb 21 2023 8:50 PM

Dear Frank,

 

thanks update.

 

we revoke the user and also tried forget to reconnect the laptop but issue not resolved.

 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 21 2023 9:17 AM
‎Feb 21 2023 9:17 AM

The MX will need to be the default gateway for each subnet, and the MR SSID will need to be in bridge mode.  This is because it is the MX that does the content filtering.  Is this the case?

0 Kudos
In response to PhilipDAth
MohammadSabir
New here
‎Feb 21 2023 8:54 PM
‎Feb 21 2023 8:54 PM

Dear Philip,

 

Thanks update.

 

yes ssid is in bridge mode and we mapped vlan in ssid setting. user get MR splash to authenticate with Active directory credentials and on MX group policy is mapped to active directory user group.

 

MX is gateway for all VLAN.

 

 

0 Kudos
In response to MohammadSabir
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 22 2023 10:18 AM
‎Feb 22 2023 10:18 AM

It sounds like the MX may not be talking properly to Active Directory or Active Directory is not confoigured correctly.

 

Are you seeing these events IDs on your AD controllers?  If not, auditing is not properly enabled in AD.  These are the event IDs the MX monitors for.

Using Logon Events (540 and 4624) and Account Logon Events (672 and 4768)

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc... 

 

Did you install a on your AD controller?

 

Check out this troubleshooting guide:
https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Active_Directory_I... 

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.