Seeing "Unauthenticated" on Windows NIC after connecting to Meraki wifi via Windows NPS (Radius)
I am following this guide (Configuring RADIUS Authentication with WPA2-Enterprise - Cisco Meraki Documentation) to configure Meraki Wifi.
I set up a new test Meraki network and have pushed out the wifi profile via GPO. The Windows test laptop can connect to the Meraki wifi network via RADIUS and receives an IP address correctly from our on-prem DHCP server.
Radius auth using EAP-TLS is working.
Only bug is the Windows NIC says "Unauthenticated." It's on the correct VLAN and it has network access.
What would cause this? The only thing I can think of is that I have not configured a "proper" (i.e., from an enterprise CA) certificate for the NPS server. The NPS server does have an issued server cert from our standalone Windows CA (we don't have an Enterprise CA yet). It does not seem to matter whether or not I click "Validate Server Certificate" on the GPO settings for the wifi profile. See below:
I have solved the issue.
Meraki automatically blocks the first (default) SSID from accessing the local LAN. It was blocking DNS and all other domain traffic (except for DHCP, which it allows by default).
What tipped me off? 2 things:
1. Seeing the network profile in Windows showing as "private" instead of "domain."
2. Comparing the target SSID to another temporary SSID that I set up that does not use RADIUS but rather only a PSK. When I saw "Clients blocked from using LAN" I knew I was on to something.
You have to change the setting in Firewall and traffic shaping. Working great now.
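A client-side check for the two symptoms described in the solution above (network profile not "domain", DNS and domain traffic blocked), as an added example that is not part of the original thread. It assumes a domain-joined Windows client using the built-in `Get-NetConnectionProfile`, `Resolve-DnsName` and `Test-NetConnection` cmdlets, and that `$env:USERDNSDOMAIN` holds the AD DNS domain.

```powershell
# Added diagnostic sketch, not from the original thread.
# Assumption: run on the domain-joined client while it is connected to the SSID under test.
param(
    [string]$Domain = $env:USERDNSDOMAIN   # AD DNS domain; pass -Domain if the variable is empty
)

# 1. How Windows has classified each connected network.
#    Windows marks a network as domain only when it can locate and contact a
#    domain controller; a healthy connection shows DomainAuthenticated.
$profiles = Get-NetConnectionProfile
$profiles | Format-Table InterfaceAlias, Name, NetworkCategory, IPv4Connectivity

# 2. Can the client locate domain controllers through DNS?
$srv = @()
try {
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
             Where-Object { $_.Type -eq 'SRV' })
} catch {
    Write-Warning "DNS lookup for domain controllers failed: $($_.Exception.Message)"
}

# 3. Can the client reach LDAP (TCP 389) on each domain controller DNS returned?
$ldap = foreach ($dc in $srv) {
    $r = Test-NetConnection -ComputerName $dc.NameTarget -Port 389 -WarningAction SilentlyContinue
    [pscustomobject]@{ DomainController = $dc.NameTarget; LdapReachable = $r.TcpTestSucceeded }
}
$ldap | Format-Table

# 4. Summary: an IP address from DHCP plus a failed step 2 or 3 points at
#    filtering between the SSID and the LAN rather than at RADIUS or certificates.
$domainProfile = $profiles | Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' }
$reachable = @($ldap | Where-Object { $_.LdapReachable })
if (-not $domainProfile -and ($srv.Count -eq 0 -or $reachable.Count -eq 0)) {
    Write-Warning "No domain profile and no reachable domain controller: check LAN access for this SSID."
} elseif (-not $domainProfile) {
    Write-Warning "Domain controllers are reachable but no profile is DomainAuthenticated yet."
} else {
    Write-Output "Domain profile active on: $($domainProfile.InterfaceAlias -join ', ')"
}
```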
Have you tried updating both the system and the wifi network card driver?
Please, if this post was useful, leave your kudos and mark it as solved.
The laptop has another NIC connected to the LAN that is working fine (no "unauthenticated" message)
and another wifi connection (the production wifi connection) that is also good.
So I'm leaning toward Paccer's solution of a review of DHCP/DNS config.
I'll keep your suggestion in my back pocket for now, thanks!
Suspect this is more of a client/DC or DNS problem than anything Meraki-specific. You've confirmed the client has completed auth and has network connectivity.
I'm referring to updating the client system and the wireless card driver.
Thanks, Paccers, I am leaning toward this as well.
Hoping to get quality time to troubleshoot this today and tomorrow.
