Freeradius

School_admin
Just browsing

Hello,
We operate a local AD with an NPS for the Meraki APs, which also works so far for all users.
Now we want to split the whole thing into 4 SSIDs, i.e. only certain users are allowed to log on to the corresponding SSID.
For this we want to switch from NPS to Freeradius 3.0 under Ubuntu Server 24.04. The installation itself works without any problems, which I can check with the NTRadPing tool.
However, as soon as I integrate the radius in the dashboard, I get the message that the radius is accessible, but the login data is not correct. Message text:

"Authentication failed while testing on one of your access points. This means the RADIUS server was reached but your credentials were incorrect. The test was stopped to prevent this account from being locked out due to multiple failed attempts. Please try again with different username and/or password."

But the User and the Password are correct.


I have already copied the corresponding configuration from https://documentation.meraki.com/MR/Encryption_and_Authentication/Freeradius%3A_Configure_freeradius... , but unfortunately without success.
Is anyone familiar with this issue and knows where I can start?

AlexL1
Meraki Employee

Hi School_admin,

Welcome to Meraki Community 🙂

Have you taken packet captures while using the RADIUS Test Tool button?

Wireshark filter - ip.addr==192.168.128.254 && radius (replace 192.168.128.254 with your RADIUS server IP)

Error message "the radius is accessible, but the login data is not correct":

  • Have you tried with different login credentials? Do you have more than 1 AP in your network?
  • Are the credentials only failing while using the RADIUS Test Button or when connecting with a client device?

(1) Can you successfully ping the RADIUS Server? - https://documentation.meraki.com/MR/Wireless_Troubleshooting/MR_RADIUS_Troubleshooting

(2) Make sure the routing and firewalls are allowing communication to and from port 1812 - https://community.meraki.com/t5/Wireless/RADIUS-servers-testing/td-p/43865

(3) Check the RADIUS logs to see why it's failing.

(4) The Authentication method in use seems to be EAP-TLS: Certificate-based authentication - https://www.freeradius.org/documentation/freeradius-server/4.0.0/tutorials/eap-tls.html

(5) Make sure this AP is added to the RADIUS Server as Client - Freeradius: Adding a gateway AP as a RADIUS client

(6) Are the credentials only failing while using the RADIUS Test Button or when connecting with a client device?

(7) Additional troubleshooting guides - https://documentation.meraki.com/MR/Encryption_and_Authentication/RADIUS_Issue_Resolution_Guide/TS-f...

Troubleshooting RADIUS server with the MX, Switch and MR using the Cisco Meraki Dashboard

(8) Using FreeRADIUS with Cisco Meraki

If you have additional questions, please don't hesitate to contact us.

If you found this post helpful, please give it kudos.
If my answer solved your problem, click "accept as solution" so that others can benefit from it.
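
As an added example (not part of the thread and not Meraki or FreeRADIUS code), a short Python decoder for RADIUS payloads taken from a capture like the one suggested above: it reports whether the test sent PAP or EAP and checks an Access-Reject's Response Authenticator against a shared secret, per RFC 2865. The packets, secrets and the `build` helper are constructed for illustration.

```python
import hashlib
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 79: "EAP-Message"}

def parse_radius(data):
    """Decode one RADIUS UDP payload (RFC 2865 section 3)."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not fit the payload")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((ATTRS.get(data[pos], str(data[pos])), data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return {"code": CODES.get(code, str(code)), "id": ident,
            "authenticator": data[4:20], "attrs": attrs, "raw": data[:length]}

def auth_method(request):
    """EAP (PEAP, EAP-TLS, ...) rides in EAP-Message; PAP sends User-Password."""
    names = {name for name, _ in request["attrs"]}
    return "EAP" if "EAP-Message" in names else "PAP" if "User-Password" in names else "other"

def response_matches_secret(response, request, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    raw = response["raw"]
    digest = hashlib.md5(raw[:4] + request["authenticator"] + raw[20:] + secret).digest()
    return response["id"] == request["id"] and digest == response["authenticator"]

def build(code, ident, authenticator, attrs):
    """Hypothetical helper: assemble a constructed sample packet."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

# Constructed samples: the User-Password bytes are placeholder ciphertext.
SERVER_SECRET = b"server-side-secret"
REQUEST = build(1, 7, bytes(range(16)), [(1, b"testuser"), (2, bytes(16)), (4, bytes([192, 168, 128, 10]))])
_unsigned = build(3, 7, bytes(range(16)), [])
REJECT = _unsigned[:4] + hashlib.md5(_unsigned + SERVER_SECRET).digest()

if __name__ == "__main__":
    req, rej = parse_radius(REQUEST), parse_radius(REJECT)
    print(req["code"], auth_method(req), "->", rej["code"])
    print("server secret verifies:", response_matches_secret(rej, req, SERVER_SECRET))
    print("mistyped secret verifies:", response_matches_secret(rej, req, b"dashboard-typo"))
```

If `response_matches_secret` returns False for the secret you believe is configured, the server signed its reply with a different shared secret than the one you tested.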
School_admin
Just browsing

Good morning,
First of all, thanks for the relevant information and sorry that I'm only getting back to you now as I have too many things to do at the moment.

Unfortunately, Wireshark does not currently work via the dashboard.

To 1
The Freeradius is in the same network as the access point and the port is also enabled.
To 2
Not applicable as the radius and AP are in the same network
To 3 and 4
I'll have another look today as I didn't know the link until now.
To 5
All clients are entered accordingly

Re 6
When testing via the dashboard, there is just this error message.

"Completed testing connectivity to RADIUS server at xx.xx.xx.xx:1812
Authentication failed while testing on one of your access points. This means the RADIUS server was reached but your credentials were incorrect. The test was stopped to prevent this account from being locked out due to multiple failed attempts. Please try again with different username and/or password."

So the connection between the APs and the RADIUS looks good in the dashboard.

The user name and password are also requested on the client. Then I have to enter a password again, which makes me a bit nervous.

Regarding the other points
I will also work through them again today.
