Meru Technical Note - Captive portal users fail to authenticate with the backend Radius server

STEP 1 :

Verified if the captive portal configuration is performed correctly in the controller.

STEP 2 :

Verified if the SSL-sever is mapped to the Radius server.

STEP 3:

Clients connecting to it are able to get the web-auth screen after getting connected to the SSID but while giving the credentials it says that the Authentication failed.

STEP 4 :

Verified the Radius profile configuration in the IAS server.

STEP 5:

The Radius profile was already added with the controller’s IP address.

STEP 6:

Verified the Remote access policy – found a policy enabled with the EAP type set with the MS-CHAP.

STEP 7:

Created another Remote access policy with the attribute selected as the NAS-IP address by giving the controller’ IP address in it. Selected the EAP Method as Unencrypted authentication (PAP, SPAP) by selecting the EAP type as Protected EAP as well map the certificate to it.

STEP 8:

Verified the client connectivity. Connected a client to the SSID and gave the user name and the password in the web auth screen and the authentication was successful.

RESOLUTION :

Verified the configuration in the controller and in the IAS server. The Remote access policy was not configured with the correct EAP method in it. After the configuring the Remote access policy with the correct EAP Method, the client authentication was successful.

ROOT CAUSE:

The reason why the client was failing to authenticate with the captive portal SSID was due to the configuration that was not performed correctly in the IAS server. Created a Remote access policy with the EAP Method as Unencrypted authentication (PAP, SPAP) which fixed the issue