Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MS Switches - MAC Auth Bypass - Azure AD

PrestonL
Conversationalist
‎Aug 4 2022 4:29 PM
‎Aug 4 2022 4:29 PM

MS Switches - MAC Auth Bypass - Azure AD

I am following the guide for configuring Mac Auth Bypass found here:https://documentation.meraki.com/MS/Access_Control/Configuring_Microsoft_NPS_for_MAC-Based_RADIUS_-_...

Problem is that I do not have on-prem Active Directory and I am unable to create a user account in Azure AD following these instructions.

I cannot create an account for the print device using its MAC Address for both its user name and password because of the built-in password policy in Azure AD. It will not allow me to use the MAC Address because it does not meet the complexity requirements.

 

Anyone else experience this? Any work arounds?

0 Kudos
Subscribe
4 Replies 4
PrestonL
Conversationalist
‎Aug 5 2022 12:03 PM
‎Aug 5 2022 12:03 PM

As of today, Meraki support could not provide me with a solution to this scenario. I think I may have figured out a way to make this work in Azure AD.

 

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/password-policy

 

I will share my findings when completed.

Subscribe
In response to PrestonL
AmyReyes
Community Manager
Community Manager
‎Aug 8 2022 7:38 AM
‎Aug 8 2022 7:38 AM

Hi @PrestonL, welcome to the Meraki Community! Thank you for taking the time to follow up with a potential workaround to your problem and for offering to share the solution with us as well! I'm sure that answer will be helpful to others in the future. Look forward to seeing you around the forums 😊

0 Kudos
Subscribe
In response to AmyReyes
PrestonL
Conversationalist
‎Aug 8 2022 2:10 PM
‎Aug 8 2022 2:10 PM

Thanks @AmyReyes 

0 Kudos
Subscribe
In response to PrestonL
PrestonL
Conversationalist
‎Aug 8 2022 2:09 PM
‎Aug 8 2022 2:09 PM

The only potential solution I have found thus far is to have a local Domain Controller and sync it with your Azure AD as Azure AD will follow the password policies of your local domain controller.

 

On the local DC:

  • Create a new password policy to meet your complexity requirements (or should I say lack thereof) 
  • Configure the new password policy with a precedence lower (< 200) than the precedence of the default Azure AD Password policy (= 200) so it takes priority.
  • Assign the new password policy to the Security group where the MAC Auth Bypass user accounts will reside.
  • Place your IoT user accounts in this Security group and change their passwords accordingly.

 

 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.