Hello everyone, I have the following problem in the communication and deployment of the captive portal (splash login) between the Meraki access points and my current active directory.
I have a total of 9 access points distributed throughout the corporate network but I cannot find the loss of communication with the captive portal (splash login).
The passwords of the users (AD) are updated, the communication via ICMP packets to the AD server is successful but the communication with port 3268 is what fails and they cannot communicate.
Review the documentation.
The following requirements must be configured on each AD server being used for authentication:
When Active Directory authentication is configured, the MR queries the Global Catalog over TCP port 3268. Therefore the Active Directory server (Domain Controller) specified in Dashboard must also hold the Global Catalog role.
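An added example, not part of the original posts or of Meraki's documentation: a successful ping says nothing about TCP 3268, so this sketch probes the Global Catalog ports directly and classifies each result. It assumes it is run from a wired host on the same segment as the access points; the names `probe_tcp`, `check_global_catalog` and `gc_probe.py` are hypothetical.

```python
import errno
import socket
import sys

# Global Catalog ports named in the thread: 3268 (LDAP) and 3269 (LDAP over TLS).
GC_PORTS = (3268, 3269)

# What each outcome suggests when ICMP to the same server already succeeds.
MEANING = {
    "open": "TCP handshake completed; the listener is reachable from this segment",
    "refused": "host answered with a reset; no listener on this port (is the DC a "
               "Global Catalog?) or a firewall is rejecting the connection",
    "filtered": "no answer before the timeout; a firewall or ACL is likely dropping TCP",
    "unreachable": "no route to the host from this segment",
    "error": "name resolution or another socket error; check the address",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def check_global_catalog(host, ports=GC_PORTS, timeout=3.0):
    """Probe each Global Catalog port and return {port: outcome}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Usage: python gc_probe.py <domain-controller>  (script name is an assumption)
    if len(sys.argv) != 2:
        sys.exit("usage: gc_probe.py <domain-controller>")
    for port, outcome in check_global_catalog(sys.argv[1]).items():
        print(f"{sys.argv[1]}:{port} {outcome} - {MEANING[outcome]}")
```

If both ports report "open" from the AP segment while Dashboard still shows the AD test failing, the server and the local path are answering, which is useful evidence to attach to a support case.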
I have reviewed all the documentation for the deployment of access control for active directory users through splash login with their accounts but I still cannot achieve effective communication.
Are you using the short domain\user?
What permissions should the active directory admin account have?
and I am using the UPN of each active directory account
Doc 😉
User permissions for the Active Directory account do not need to be anything special I believe. Ours is just a member of domain users.
I am also experiencing this issue but we have a call logged with Meraki as it appears to be a wider issue and being looked at by some internal team.
I just got off the phone with a rep, this issue just presented itself on our network today. Nothing in the network changed, connectivity from AP to server is good, but it keeps failing on the AD Global Catalog service port. They informed me that this is a Meraki-wide issue, as they are seeing it in multiple networks.
Have you gotten a solution for this? My AD connectivity failed today/yesterday, support are looking into it but haven't got back to me yet.
Yesterday I was able to communicate with Meraki support by creating a ticket and they told me that they are presenting a bug about this same case, loss of communication in Meraki (MR) authentication with splash login and active directory integration.
I just got a message from Meraki support that a back-end cloud communication issue was the cause of the failure of the APs communicating with AD servers on port 3268.
Now I wonder if changing the ports on the server and the APs would have fixed this problem.
Regardless, I feel like Meraki is not being transparent on this issue.
We tried different ports 3268 and 3269 and got the same issue. Didn't try any other port numbers.
This does seem to be corrected now.
Yes, received word from Meraki this morning approx 8:30 GMT that the issue has been resolved. All of our users can authenticate and all access points can communicate with Global Catalog again.
On Friday of last week he told me that the group of Meraki engineers had made some fixes in the communication with port 3268 towards the integration and active directory which now allows communication. In case of failures, it also never hurts to renew the network cabling (cat6) of the access point.