Meraki MR AD Auth without Splash Page login

Mohammad
Getting noticed

Meraki MR AD Auth without Splash Page login

Mates, Just need help!

 

I have Meraki MR and using AD authentication for SSID connectivity.

 

Customer used to login with there AD credentials to laptop for windows login and then try again to connect wth SSID which redirect to splash page for Domain name as password which is perfect working fine.

 

Now i need to achieve, once customer login with windows login with AD credentials its auto connect with SSID, is there any change i have to do in MR, or AD Group policy or any Script can work?

 

Is there any way to achieve this and any suggestions would be great help?

13 Replies 13
PhilipDAth
Kind of a big deal
Kind of a big deal
Mohammad
Getting noticed

@PhilipDAth  Thanks for your response.

 

Link you have shared is for WPA2-Enterprise with Meraki authentication, which require every-time to create user credentials on Meraki Dashboard.

 

I want my user to get it authenticated with AD, but wireless Corporate SSID on there laptop get  connect at same time once they login with there windows login AD credentials.

PhilipDAth
Kind of a big deal
Kind of a big deal
Mohammad
Getting noticed

@PhilipDAth  Thanks for Link.

 

Is there any way we can achive AD Auth with Windows login with Any Group policy or script?

MLST
New here

If you have a PKI setup in place you can use certificates to authenticate.  In the associated GPO you can also have it automatically connect.  Use Meraki's docs on RADIUS authentication for switches and APs for guidance.  

Once setup, users login to windows, windows sees the SSID you tell it to connect to, and automatically connects using a certificate to authenticate. 

 

Mohammad
Getting noticed

Mates,

 

Need suggestion?

 

I have coupe of MR at sites and having guest coming with iPhone, Ipad and other android device, 

What will be best way for Guest User Authentication ?

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Meraki has rich guest WiFi options.  You might want to start with this simple guide.

https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Configuring_Simple_Guest_and_Inte... 

Mohammad
Getting noticed

I have heard but not sure, please put some light.

 

Between MR and Radius Server Authentication or you can say first Handshake between MR and Radius server is in open text ? Any confirmation or Link to refer?

Bruce
Kind of a big deal

As a minimum the important parts of a RADIUS request are encrypted (I.e the password), but outside of that the RADIUS protocol doesn’t mandate much in the way of security, but often a secure tunnel/wrapper is used (this is normally EAP/PEAP). This is one very good reason to make sure the RADIUS shared key is of a good length and kept secure. You need to also consider the packet path between the Network Access Device and the RADIUS server too, how likely is it for someone to eaves drop on this path? (I’m not saying it’s impossible, but security is all about assessing your risks)

Mohammad
Getting noticed

@Bruce Thanks for clear explanation.

 

I just want to achieve below, please help me with your experience.

 

Customer used to login with there AD credentials to laptop for windows login and then try again to connect wth SSID which redirect to splash page for Domain name as password which is perfect working fine with MR and AD Auth.

 

But now customer need to achieve, once customer login with windows login with AD credentials its auto connect with Corporate  SSID, is there any change i have to do in MR, or AD Group policy or any Script can work?

 

Is there any way to achieve this and any suggestions would be great help?

Bruce
Kind of a big deal

You will need to move away from the Splash Page option to use Enterprise (802.1x) authentication to the wireless network to achieve ‘auto-login’. To do this you will need a RADIUS server that integrates with Microsoft AD, for example NPS which is a feature of Microsoft Widow. Meraki have a guide here for wireless with RADIUS authentication, https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_....

Mohammad
Getting noticed

@Bruce  Okies, I will try to setup Radius Server and integrate NPS with AD, Will let you know for update of any help required.

 

Mohammad
Getting noticed

@PhilipDAth  Thanks for Link.

 

Can I achieve same Radius Auth with Aruba Clear Pass?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels