 
Cvan
Member Candidate
Topic Author
Posts: 129
Joined: Sat Jun 09, 2018 3:32 am

Radius - wireless login - to Active Directory

Thu Jan 24, 2019 1:51 am

Has anyone had success using MT as a Radius client connecting to NPS (Radius Server) with Active Directory??

I think I am close to getting it working, just missing something.. I have radius ppp working with VPN, but not radius wireless.

I have a network policy set up on Windows 2012 server for authentication with 802.11. Can't seem to send MSCHAP v2 over with the MT wireless profile...

Any suggestions?

How do you configure your MT wireless security profile authentication types for this?

My MT is mAP lite 6.40.8
 
Cvan
Member Candidate
Topic Author
Posts: 129
Joined: Sat Jun 09, 2018 3:32 am

Re: Radius - wireless login - to Active Directory

Fri Jan 25, 2019 1:25 am

Okay, I got this working with a bit more trial and error. If anyone wants the info let me know. Ta!
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Radius - wireless login - to Active Directory

Fri Jan 25, 2019 3:05 am

No harm in sharing it if you can. I don't use this feature, but might someday.
 
Cvan
Member Candidate
Topic Author
Posts: 129
Joined: Sat Jun 09, 2018 3:32 am

Re: Radius - wireless login - to Active Directory

Fri Jan 25, 2019 4:32 am

MIKROTIK MAP LITE
In wireless security profile:

GENERAL tab
WPA EAP / WPA2 EAP
unicast/group ciphers aes ccm / tkip

RADIUS tab
nothing checked

EAP tab
EAP Methods = passthrough
TLS Mode: don't verify cert
TLS Cert: none

ACTIVE DIRECTORY (2012 server)
Dashboard manager, added Active Directory Certificate Services / Certification Authority / * ALL certificate options

NPS (Network Policy Server)

Added the MT as a RADIUS client, etc..
Added Network Policy:
Condition: added 802.11 NAS Port type
Condition: added Windows Groups (Domain Users)

Constraints Tab:
Auth method: EAP (PEAP)
Auth method: MS-Chap-V2 checked (Not needed)
Everything else default

Tested and Working CLIENT DEVICES:

Windows 10:
Added a new wifi network connection with settings:
Network name: Name of your SSID on MAP Lite
Security Type: WPA2-Enterprise AES
EAP Method: EAP (PEAP)
Auth Method (EAP-MSCHAP v2)

Linux (Debian Jessie)
/etc/NetworkManager/system-connections/wifi connection

key-mgmt=wpa-eap
phase1-peapver=0
phase2-auth=mschapv2
*********** system-ca-certs=FALSE **********

iPhone
Prompted for username and password; then prompted for CA and click trust cert and that was it
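
Added example, not part of the original post: a small audit of a NetworkManager keyfile for the client-side settings listed above, showing why `system-ca-certs=FALSE` with no `ca-cert` leaves the PEAP server certificate unchecked, next to a hardened variant. The function name, finding labels, identity, CA path and server name are hypothetical; both keyfiles are constructed samples.

```python
import configparser

# Constructed keyfile built from the Linux client settings quoted in the post.
WEAK = """
[wifi-security]
key-mgmt=wpa-eap
[802-1x]
eap=peap;
identity=user@example.test
phase1-peapver=0
phase2-auth=mschapv2
system-ca-certs=FALSE
"""

# Constructed hardened variant; the CA path and server name are placeholders.
HARDENED = """
[wifi-security]
key-mgmt=wpa-eap
[802-1x]
eap=peap;
identity=user@example.test
phase2-auth=mschapv2
ca-cert=/etc/ssl/certs/example-corp-ca.pem
domain-suffix-match=nps.example.test
"""

NAME_KEYS = ("domain-suffix-match", "domain-match", "altsubject-matches", "subject-match")

def audit_keyfile(text):
    """Return finding labels (hypothetical names) for an 802.1X Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("wifi-security", "key-mgmt", fallback="") != "wpa-eap":
        return []  # not a WPA-Enterprise profile
    x = cp["802-1x"] if cp.has_section("802-1x") else {}
    findings = []
    # Trust anchor: an explicit CA file, or the system CA store.
    has_ca = bool(x.get("ca-cert", "").strip())
    sys_ca = x.get("system-ca-certs", "false").strip().lower() == "true"
    if not (has_ca or sys_ca):
        findings.append("no-trust-anchor")
    # Even with a CA, the server name must be pinned to the RADIUS server.
    if not any(x.get(k, "").strip() for k in NAME_KEYS):
        findings.append("no-server-name-check")
    # Without validation the inner MSCHAPv2 exchange is visible to whoever
    # terminates the PEAP tunnel, not only to the NPS server.
    if findings and "mschapv2" in x.get("phase2-auth", "").lower():
        findings.append("mschapv2-exposed")
    return findings
```

The same check applies to the other clients in the list: a profile that trusts whatever certificate is presented at first connection has no trust anchor either.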
 
hchituwu
just joined
Posts: 2
Joined: Fri Nov 02, 2018 10:15 am

Re: Radius - wireless login - to Active Directory

Thu Aug 22, 2019 2:45 pm

Please may you share the details, I am trying to authenticate my wifi users on MikroTik AP using the AD via the NPS server. Please please assist.
 
Cvan
Member Candidate
Topic Author
Posts: 129
Joined: Sat Jun 09, 2018 3:32 am

Re: Radius - wireless login - to Active Directory

Thu Aug 29, 2019 4:20 am

Still works for me.. What is your issue?

However, I never did get the Framed-Pool attribute to work for Radius Wifi connections.
The attribute gets returned by NPS as I can see it in the log; but the client never gets assigned an IP address from the MT address pool that is referenced by framed-pool attribute...
 
TroyQ
Frequent Visitor
Posts: 63
Joined: Thu Oct 20, 2016 10:02 pm

Re: Radius - wireless login - to Active Directory

Fri Nov 04, 2022 2:00 pm

Worked 100% PERFECT! THANK YOU!!!
