We are trying to set up wireless authentication using certificates alone and configured the SSID access control according to this article.
This is the resulting setting for us.
We want to use only certificates to authenticate and use the built-in RADIUS server in the Meraki AP because we don't have any on-premises infrastructure at all.
Whenever laptops try to connect to the SSID, they get prompted for a username and password, even though the certificate has been deployed on the laptop, and the connection fails with the error "Failed authentication EAP Failure".
Why is it prompting the user for a username and password even though we enabled only certificate authentication and disabled password authentication?
Any help or suggestion will be appreciated.
Ensure that the certificate is correctly configured on the client devices. The certificate should be installed in the correct certificate store on the device.
The certificates are installed in the Personal store for both local computer and current user.
The IdenTrust root CA is installed in the Trusted Root CA store.
Take a look at the documentation.
I suggest that if the documentation doesn't help you open a support case.
I referenced the doc already.
Question:
Is the SSID still meant to prompt for username and password even though I enabled only certificate authentication?
Theoretically it wasn't.
Thank you for your contribution.
I will open a support case.
Any luck? I'm having the same issues with the same setup.
It is normal to see a request for username and password if there is no WLAN profile configured on the client. The client doesn’t have any knowledge if the System wants username/password or a certificate. But when choosing EAP-TLS at least the password request should go away. At least this is how it works for me.
^ This ^ . Your client has to be configured to use EAP-TLS instead of EAP-PEAP and does have to know what cert to use for user auth.
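The two replies above tie the credential prompt to the client's WLAN profile not selecting EAP-TLS. As an added example (not from the thread, and not Cisco or Meraki code), this Python script audits a Windows profile exported with `netsh wlan export profile` for the EAP method it selects; the sample XML, the profile name `corp-wifi` and the thumbprint value are constructed.

```python
import xml.etree.ElementTree as ET

EAP_TLS, PEAP = 13, 25  # IANA EAP method type numbers

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def audit_profile(xml_text):
    """Return a list of findings for one exported WLAN profile (empty = OK)."""
    root = ET.fromstring(xml_text)
    findings = []
    if [e.text for e in find_all(root, "useOneX")] != ["true"]:
        findings.append("802.1X is not enabled (useOneX is not 'true')")
    # The outer EAP method is the <Type> child of <EapMethod>.
    types = {int(t.text) for m in find_all(root, "EapMethod")
             for t in m if local(t.tag) == "Type"}
    if not types:
        findings.append("no EAP method is configured in the profile")
    elif types != {EAP_TLS}:
        findings.append(f"EAP type {sorted(types)} configured, expected 13 (EAP-TLS)")
    elif not any((e.text or "").strip() for e in find_all(root, "TrustedRootCA")):
        findings.append("EAP-TLS is set but no TrustedRootCA is listed for server validation")
    return findings

def sample_profile(eap_type, root_ca=""):
    """Constructed, trimmed profile; a real export carries more elements,
    and a PEAP export uses a different EapType namespace."""
    return f"""<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>corp-wifi</name>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication>
   <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig>
   <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">{eap_type}</Type></EapMethod>
    <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
     <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
      <ServerValidation><TrustedRootCA>{root_ca}</TrustedRootCA></ServerValidation>
     </EapType></Eap></Config>
   </EapHostConfig></EAPConfig></OneX>
 </security></MSM>
</WLANProfile>"""

if __name__ == "__main__":
    for label, xml_text in [("PEAP", sample_profile(PEAP)),
                            ("EAP-TLS", sample_profile(EAP_TLS, "CONSTRUCTED-THUMBPRINT"))]:
        print(label, audit_profile(xml_text) or "OK")
```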
Hi @GIdenJoe
Can you tell me how you set up the profile?
I created an SSID and exported the root certificate from my client certificate and uploaded it as a PEM in the dashboard.
I set up the WLAN profile as described here at Cisco (only the section for the profile): https://www.cisco.com/c/de_de/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-...
However, a connection is still not possible.
The event log in the dashboard only shows "802.1X Failed authentication (EAP failure)".