Meraki

Community

About Claudiosm

Re: Meraki Local Auth - Failed due to RADIUS timeout (127.0.0.1)

by in Wireless
‎Nov 10 2023 8:49 AM
‎Nov 10 2023 8:49 AM
They actually replied on May 16th that it was supposed to be fixed but when I tried it wasn't. I gave up and moved on. Did it eventually start working for you? ... View more

Re: Meraki local auth confuguration

by in Wireless
‎Jun 14 2023 6:52 PM
1 Kudo
‎Jun 14 2023 6:52 PM
1 Kudo
Hi James,    In my case i'm trying to use LDAP with OKTA cert, how did you added this to the cert itself? You just edit the cert with a text editor and add that line("X509v3 Subject Alternative Name")?        By the doc says:   The LDAP server’s certificate must have a subjectAltName field that matches the Host address configured on the dashboard (either IP address or FQDN) which in my case would be something in the terms of domain.ldap.okta.com   is that it? ... View more

Re: Enterprise with Local Auth with LDAP - Can use OKTA without on PREM Ser...

by in Wireless
‎May 21 2023 8:20 PM
‎May 21 2023 8:20 PM
Answering my own thread but here we go:   Short answer is YES, you can use local auth without on prem, as far you have some sort of LDAP somewhere(okta in our case). For Local Auth to work and be able to pass authentication when the radius built on each AP is requested, in each client, EAP-TTLS + PAP has to be configured. We can potentially push an MDM Profile with these settings, I believe, both on Macs and Windows 10 clients; here some details:       https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_EAP-TTLS___PAP_Authentication_on_Windows_8_and_10   and MacOs   https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_EAP-TTLS___PAP_Authentication_on_Mac_OS_X_and_iOS   in a few words, because of the security implications, best route would be to require a cert as well(buying from digicert or someone of the sort) to enforce EAP-TLS over EAP-TTLS/PAP       ... View more

Re: WIFI Local Auth is unusable if more than 1 AP

by in Wireless
‎May 17 2023 5:11 AM
‎May 17 2023 5:11 AM
Although Meraki connects over port 389 it is not clear text LDAP. It will try to negotiate secure connection it means that LDAP server needs to present certificate and Meraki needs to trust it. I pointed Meraki directly to AD domain controller as 2FA was not needed for WiFi.   After it was clear that Meraki built in LDAP auth is not usable if there is more than 1 AP in the environment I started looking into deploying dedicated RADIUS server. Initially wanted to use Freeradius but Meraki don't support sending user credentials to RADIUS to perform LDAP binding (it only supports challenge handshake) I took simple path and used domain joined Windows server with NPS service to perform RADIUS to LDAP authentication and it finally works as needed.   Challenge handshake don't work with LDAP binding. http://deployingradius.com/documents/protocols/oracles.html ... View more

Re: Error when trying to save Enterprise with Local Auth - WAP incompatible...

by in Wireless
‎May 12 2023 5:16 AM
‎May 12 2023 5:16 AM
I can confirm the bug. In the SSID Access control settings when I switch to the new config/ dashboard version it isn't possible to save after switch the WPA encryption mode to "WPA2 only". Go to the "old version" then saving works.   ... View more
© 2024 Cisco Systems, Inc.