The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About IngramLeedy
IngramLeedy

IngramLeedy

Here to help

Member since Sep 20, 2017

‎05-31-2018
Kudos from
User Count
jtlonginAuburn
jtlonginAuburn
1
shauno
shauno
1
toffitomek
toffitomek
1
mkopp
mkopp
1
Hyperstixx
Hyperstixx
1
View All
Kudos given to
User Count
NikolaiProniaev
NikolaiProniaev
1
STS
STS
1
View All

Community Record

12
Posts
19
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts
First 10 Kudos
Lift-Off View All
Latest Contributions by IngramLeedy
  • Topics IngramLeedy has Participated In
  • Latest Contributions by IngramLeedy

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

by IngramLeedy in Wireless LAN
‎05-31-2018 07:06 AM
3 Kudos
‎05-31-2018 07:06 AM
3 Kudos
... View more

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

by IngramLeedy in Wireless LAN
‎05-31-2018 06:56 AM
‎05-31-2018 06:56 AM
  >are you able to pass the connected users information to Meraki for log purpose?   We have the all the user information that is the O365 profile available to pass to Meraki, but the Meraki EXCAP API doesn't have a mechanism to input it.     It does register the login as it would on Ethernet with the computer's machine name.     ... View more

Re: 802.1X access policies - Radius and/or o365 AD with MFA

by IngramLeedy in Wireless LAN
‎05-31-2018 06:02 AM
6 Kudos
‎05-31-2018 06:02 AM
6 Kudos
  A quick update to.. We've developed a click-thru webapp that uses graph API to seamlessly login the user (SSO to O365), authorize to the meraki, and then redirect the user to their original page.     By setting the duration of the authorization in the Meraki dashboard you can have it re-authorize every 90 days for example or revoke the authorization manually.   If there is enough interest, we'll polish the solution up and provide it as either source code or a possible service if there is enough interest. Let me know. Thanks!   -Ingram ... View more

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

by IngramLeedy in Wireless LAN
‎05-31-2018 06:01 AM
5 Kudos
‎05-31-2018 06:01 AM
5 Kudos
  We've developed a click-thru webapp that uses graph API to seamlessly login the user (SSO to O365), authorize to the meraki, and then redirect the user to their original page.     By setting the duration of the authorization in the Meraki dashboard you can have it re-authorize every 90 days for example or revoke the authorization manually.   If there is enough interest, we'll polish the solution up and provide it as either source code or a possible service if there is enough interest. Let me know. Thanks!   -Ingram ... View more

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

by IngramLeedy in Wireless LAN
‎02-28-2018 01:03 PM
2 Kudos
‎02-28-2018 01:03 PM
2 Kudos
Palo Alto has a marketplace app that integrates into Azure.  Meraki this would be an awesome addition, https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-paloaltonetworks-captiveportal-tutorial     ... View more

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

by IngramLeedy in Wireless LAN
‎02-28-2018 01:01 PM
‎02-28-2018 01:01 PM
Sounds like a great idea.     I was looking at perhaps a landing page, that redirects has a nice splash page, asks for email, then redirects your to Azure SSO for authorization.  I found theses examples:   https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios   https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-roleclaims/   https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims   Has anyone else done this?   ... View more

Re: vMX100 Azure Cloud

by IngramLeedy in Security / SD-WAN
‎12-08-2017 09:23 AM
‎12-08-2017 09:23 AM
Does the license you buy from Meraki include the VM or is the VM an additional cost. From what I can tell the VM is about $85/month. Any clarification would be helpful. THanks! ... View more

Re: IOS 11 -> WPA2 Wifi radius.meraki.com godaddy certificate not trusted

by IngramLeedy in Wireless LAN
‎10-26-2017 09:22 AM
‎10-26-2017 09:22 AM
This issue seemed to resolve. We tested about a week ago and it continues to connect successful today. ... View more

Re: 802.1X access policies - Radius and/or o365 AD with MFA

by IngramLeedy in Wireless LAN
‎10-12-2017 11:59 AM
‎10-12-2017 11:59 AM
I agree if it prompted over and over wouldn't be useful, but When we use MFA/2FA with other applications like Outlook, Skype for Business, or other website resources they don't re-prompt for MFA until a policy timeout period (30 days, etc).       To me it seems the world is heading this direction, why not wireless authentication (or at least for a period of policy timeout).     Microsoft's RADIUS Network Policy server supports RADIUS with MFA, SourceURL:https://docs.microsoft.com/en-us/azure/multi-factor-authentication/nps-extension-vpn VPN integration with Azure MFA using NPS extension | Microsoft Docs The VPN server receives an authentication request from a VPN user that includes the username and password to connect to a resource, such as a Remote Desktop session. Acting as a RADIUS client, VPN server converts the request to a RADIUS Access-Request message and sends the message (password is encrypted) to the RADIUS (NPS) server where the NPS extension is installed. The username and password combination is verified in Active Directory. If the username / password is incorrect, the RADIUS Server sends an Access-Reject message. If all conditions as specified in the NPS Connection Request and Network Policies are met (for example, time of day or group membership restrictions), the NPS extension triggers a request for secondary authentication with Azure MFA. Azure MFA communicates with Azure Active Directory, retrieves the users's details, and performs the secondary authentication using the method configured by the user (text message, mobile app, and so on).  (I assume this secondary authentication could be configured, as to when and what rules it should ask) Upon success of the MFA challenge, Azure MFA communicates the result to the NPS extension. After the connection attempt is both authenticated and authorized, the NPS server where the extension is installed sends a RADIUS Access-Accept message to the VPN server (RADIUS client). The user is granted access to the virtual port on VPN server and establishes an encrypted VPN tunnel.   ... View more

802.1X access policies - Radius and/or o365 AD with MFA

by IngramLeedy in Wireless LAN
‎10-12-2017 06:59 AM
3 Kudos
‎10-12-2017 06:59 AM
3 Kudos
This might be more of a feature request. Microsoft has a huge initiative to move their own internal AD to AzureAD, we well as we are moving clients to AzureAD.   (Our organization including).   We have also enabled MFA (multi factor) authentication for clients too added security.    It would be nice if Meraki would support Azure AD for authentication or a simple combination of a way to use a RADIUS/Azure AD (with MFA support).      We've looked at some 3rd party RADIUS providers that have support for Azure AD - but the MFA/2FA seems to be issues.    Ideally we'd like to use 8021.X for both enterprise WiFi access and switch port access for Windows 10 devices connected directly to the switch.   Thanks for any feedback, comments, real-work experience, thoughts. Thanks!  -Ingram ... View more

Re: IOS 11 -> WPA2 Wifi radius.meraki.com godaddy certificate not trusted

by IngramLeedy in Wireless LAN
‎09-21-2017 03:54 PM
‎09-21-2017 03:54 PM
Interesting information. I haven't made any process with Meraki support. The latest they want me to contact Apple.     Have you made any progress?      It seem as they need to re-issue the certificate for radius.meraki.com with SHA-256.   After reading you message, I found this article that I found helpful about SHA1 depreciation.  https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know       ... View more

IOS 11 -> WPA2 Wifi radius.meraki.com godaddy certificate not trusted

by IngramLeedy in Wireless LAN
‎09-20-2017 07:28 AM
‎09-20-2017 07:28 AM
IOS 11 users are unable to connect to Wifi WPA2. Users receive error about radius.meraki.com certificate issued by GoDaddy is not trusted. If you trust the certificate, it ignore, and will not connect and prompt again when re-connecting.   Is it possible that Meraki is not sending the intermediate certificates? ... View more
Kudos from
User Count
jtlonginAuburn
jtlonginAuburn
1
shauno
shauno
1
toffitomek
toffitomek
1
mkopp
mkopp
1
Hyperstixx
Hyperstixx
1
View All
Kudos given to
User Count
NikolaiProniaev
NikolaiProniaev
1
STS
STS
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: 802.1X access policies - Radius and/or o365 AD with MFA

Wireless LAN
6 12669

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

Wireless LAN
5 16702

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

Wireless LAN
3 16686

802.1X access policies - Radius and/or o365 AD with MFA

Wireless LAN
3 15516

Re: Configure a splash (EXCAP) with with sign-on in Azure AD

Wireless LAN
2 17416
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki