- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RADIUS success on Meraki dashboard failure on clients (Android and Win7)
Greetings-
We have successfully installed radius server on Meraki Dashboard and server passes test. When trying to connect clients (Android and Win7) it gives password error.
I'm at my wits end here. ALL HELP is appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
/You provide so little information it is not possible to help you.
How are you using Radius? Client VPN? WPA2 authentication? Something else? Radius proxy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah, providing more information will definitely assist us in helping you. Does testing the Radius authentication pass under the access control page?
Found this helpful? Give me some Kudos! (click on the little up-arrow below)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So sorry for not providing more info, just at my wits end so i turned off all computers for the weekend. here's the info:
Windows server 2008 NPS server; EAP-MSCHAP v2, PEAP
Meraki configured WPA2-Enterprise with My Radius Server, no splash page
RADIUS Server PASSES test on Meraki Dashboard
All clients get "password error" when trying to connect (Android or Win7 laptops)
any further coinfig i should send you??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So sorry for not providing more info, just at my wits end so i turned off all computers for the weekend. here's the info:
Windows server 2008 NPS server; EAP-MSCHAP v2, PEAP
Meraki configured WPA2-Enterprise with My Radius Server, no splash page
RADIUS Server PASSES test on Meraki Dashboard
All clients get "password error" when trying to connect (Android or Win7 laptops)
any further coinfig i should send you??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You still haven't answered one of my questions from my first post? What is using the RADIUS? WiFi? Client VPN? Content filtering? What are you using it for.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apologies it is on my SSID so i presume that means the WiFi configured for RADIUS:
SSID
Access control
Encryption 802.1X with custom RADIUS
Sign-on method None
Bandwidth limit unlimited
Client IP assignment Local LAN
Clients blocked from using LAN n/a
Wired clients are part of Wi-Fi network no
VLAN tag xxx
VPN disabled
we are trying to set up a Staff SSID just like we have on our failing aging Cisco APs that uses the users AD credentials and password to access the network.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On your RADIUS server you only need PEAP enabled, and then in the PEAP properties you should have MSCHAPv2 enabled.
You do not need MSCHAPv2 in the "outer" layer where PEAP is.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you. Passed test in Meraki Dashboard SSID Access Configuration Test RADIUS :
Completed testing to "192.168.xxx.xx:1812 for user"
Total APs: | 8 |
APs passed: | 3 |
APs failed: | 0 |
APs unreachable: | 5 |
All online access points successfully contacted the RADIUS server, however 5 access points were offline and could not be tested.
RADIUS attributes used:
RADIUS attributes unused:
Framed-Protocol:PPP
Service-Type:Framed-User
MS-CHAP-Domain:DOMAIN NAME
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For Android use these settings:
EAP Method = PEAP
Phase-2 Authentication = PEAP
CA Certificate = Do not validate (or you need to install the root certificate that issued your RADIUS server certificate)
Identity = AD username
Anonymous Identity = Blank
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ok at least now i'm getting a different error.. failed to obtain IP....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That sounds like you have now authenticated (you should be able to see the client int he Dashboard) but that you have a DHCP issue now.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SUCCESS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! A MILLION THANK YOUS!!!!! Here is the end result fix:
in Micro$oft NPS server removed MSCHAPv2 as an EAP type as suggested
changed DHCP to NAT mode: Use Meraki DHCP
on android device:
EAP Method = PEAP
Phase-2 Authentication = none
CA Certificate = (unspecified)
Identity = AD username
Anonymous Identity = Blank
Password=Password
Thank you Phillip! hope this helps someone else !!!
![](/skins/images/8C46D8702B8366075D87F32BD48621DC/responsive_peak/images/icon_anonymous_message.png)