RADIUS is running on NPS Windows 2016 Datacenter
AP is Meraki MR33
I have tried just about everything I can think of in this configuration and cannot get a connection. I have looked over some of the other articles in the forum also but no success. If anyone can point out a flaw or something I have missed here it would be greatly appreciated! Config info is text and can attach screenshots if anyone needs them for reference for RADIUS server, GPO applied and Meraki config.
Following NPS configuration information:
NPS Server, WIN 2016 DC
Enrolled in AD Services
Certificate from CA applied
RADIUS Clients: 10.0.0.0/8
Manually Generated Shared Secret correct between devices
Vendor Name as RADIUS Standard
Connection Request Policies:
Policy: enabled
Type of server: unspecified
Conditions:
NAS Port type: Wireless IEEE 802.11 OR Wireless Other
Settings:
Authentication: authenticate requests on this server
No Accounting
Attribute type: Caller-Station-Id
No other settings applied
Network Policies:
Policy: enabled
Grant Access
Ignore user account dial-in properties
Type of server: unspecified
Conditions:
Wireless IEEE 802.11 OR Wireless Other
User Groups: (domain name)\domain users and (domain name)\domain computers
Constraints:
Auth methods EAP Types (in listed order top to bottom): MS Secured Password EAP_CHAP v2, MS Protected EAP (PEAP,) MS Smart Card or other cert
Idle Timeout, Session Timeout, CallerStation ID and day/time restrictions not configured/default
NAS Port Type: Wireless IEEE 802.11 OR Wireless Other
Settings:
Framed Protocol: PPP
Service Type: Framed
Vendor specific: none
BAP: server settings determine...
IP filters: none
Encryption: 40, 56 and 128 checked, no encryption is NOT checked
IP Settings: Server settings determines...
GPO: no inheritance from other GPO's and only GPO in the test OU
Comp config-Security-wireless-new
Policy Name: RADIUS-TEST
Properties:
General Tab: Policy name and description same name
Use Windows WLAN autoconfig service for clients CHECKED
SSID "RADIUSTEST"
Network Permissions:
Infrastructure
Allow
NO other boxes checked
SSID Profile RADIUSTEST:
Connection tab: SSID RADIUSTEST
all Connect boxes checked
Security tab:
WPA2-Enterprise
AES_CCMP
Network auth method: PEAP -Properties: Verify server, cert server is checked, tell if server cant be identified, auth method is EAP-MSCHAP v2 -Advanced: PMK caching is only box checked
Auth mode: User or computer
Cache information is checked
Meraki config:
MR33 AP connected to MX67
AP has static internal address assigned
Gateway is correct
SSID: RADIUSTEST
WPA2-Enterprise with my RADIUS server
WPA encryption: 1 and 2 allowed
802.11 r/w: disabled
No splash page
Radius server IP, port 1812, shared secret from NPS
No accounting, proxy or group policies
Bridge mode
VLAN tagging
VLAN ID: # for wireless vlan on appliance
Ignore VLAN attributes in RADIUS responses
No Content filter or Bonjour forwarding
I can successfully ping the NPS server from my Meraki appliance and the Meraki appliance from my NPS server
Checked shared secret three times to verify it was input correctly3
I keep thinking this may be a cert issue, as I can find nothing I have NOT done based on other threads with similar issue. Anyone want to take a stab at this with me?
