Cannot get Meraki APs to connect to my new NPS server

BrettSanderson
Conversationalist

Cannot get Meraki APs to connect to my new NPS server

I'm in the Meraki dashboard in the Wireless>Access Control page trying to test authentication with my new NPS server.

 

In NPS, I have:

1. NPS>Register server in Active Directory

2. Triple-checked my shared secret in the Meraki dashboard and NPS server

3. Set up a Radius Client in NPS for my WAPs with 10.x.x.0/24 CIDR

4. Set up Connection Request Policy that contains my Wireless Radius Client

5. Set up a Network Policy with:

    Conditions: Windows Groups=Domain Users, NAS Port Type = Wireless IEEE 802.11

     Constraints: Auth Method=PEAP, no boxes checked, created a cert via the following doc: https://documentation.meraki.com/General_Administration/Other_Topics/Creating_an_Offline_Certificate...

 

I'm seeing clear communication between the WAPS and the NPS server in the NPS logs located in C:\Windows\System32\Logfiles.

 

I'm seeing NO events in Event Viewer>Custom Views>ServerRoles>NPAS and NO events in Windows Logs>Security

 

What am I missing here?

 

5 Replies 5
Inderdeep
Kind of a big deal
Kind of a big deal

@BrettSanderson : Check if it helps

https://www.reddit.com/r/meraki/comments/fgtlaq/cant_get_wireless_authentication_with_windows_nps/

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @BrettSanderson , so you’re seeing nothing in your windows NPS logs. Do you have IP reachability between your server and APs?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

I AM seeing NPS communication between my server and the WAPs in my NPS logs.  It's the Windows event viewer that shows no sign of any authentication good or bad.

@BrettSanderson I tried using Windows NPS and gave up when I was having the same issue as you are, I found there are other methods of using Radius auth that don't involve windows and are far easier to setup.

 

Windows server logs are average at the best of times IMHO.  

PhilipDAth
Kind of a big deal
Kind of a big deal

The lack of records in the event viewer is usually related to the Windows audit policy on that machine.  Audit policy needs to be enabled to see the records.

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-network-policy-se... 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels