Anyone successfully configured Meraki Wireless MAC Address Authentication using Microsoft’s NPS server as struggling to get it to work, getting failures to connect to radius server.
If any of you have a config you could share much be greatly appreciated
Regards
Richard
Its a bit dangerous with NPS. You have to create a username and password in AD which are both the same as the MAC address. Make sure you don't give these users any special rights (from being a member of Domain Users).
Check out this article:
NPS sucks big time. At least it doesn‘t cost a dime...apart from giving your staff headache all the time.
Every time a customer has tried implementing it they came to us afterwards and asked us how to do it „the right way“...
so what is the "right way"?
@AmyLee the right way to do mac authentication would be to use a solution like Freeradius or Cisco ISE (amongst others) depending on the budget you have, as they all cost something, either in terms of money or time. I'd say that it is better still to use certificates if your devices and infrastructure support it, though for us that is often not the case.
@CptnCrnch it does cost, each device needs a device CAL unless the user has a user CAL already. We did start out that way and then realised it was a bit poor in terms of security and a big cost!
Great point @cmr! I was just quoting those who’re searching for reasons to use this crap. 😉