How do I configure Network Policy Server to authenticate Web Captive Portal requests for wireless?

Posted on 2011-05-12
Last Modified: 2012-06-21
I need assistance setting up a Windows 2008 Network Policy Server to be used as a RADIUS server for a Web Captive Portal used to authenticate users allowed to connect to a wireless network.
I have PEAP set up and operational for domain-joined workstations, but I need a separate authentication method set up for non-domain clients, so I created a separate WiFi network to use Captive Portal web authentication. However, I can't get the portal to successfully authenticate the user attempting to connect.
Question by:byt3

    Author Comment

    More Information:

    I have done more digging and found that when the RADIUS client (Meru 4100 Controller) sends the access request, the Network Policy Server doesn't respond.  In the Event Viewer I found "An Access-Request message was received from RADIUS client <ip address> with a message authenticator request attribute that is not valid." It appears as though the 'message authenticator attribute' is invalid and therefore the NPS doesn't respond at all (proper behaviour according to the RFC article from what I understand).

    Domain joined computers are configured with certificates and those computers have no problem joining the domain using an SSID that authenticates using PEAP and does not cause the NPS to get the error about the message authenticator attribute.
    I only have this problem when the web captive portal from the Meru 4100 mobility controller tries to authenticate the credentials the user enters in.

    Accepted Solution

    Well, turns out there was something goofed up on the Meru 4100 somehow.  I changed the shared secret between the Meru mobility controller and the Network Policy Server and then everything started working.

    I originally had the Network Policy Server console generate a random shared secret to use, and so I copied and pasted it into the RADIUS settings in the Meru controller.  The reason this didn't strike me as the issue to begin with is that the shared secret wasn't a problem when the stations using PEAP connected, only when the clients using the web captive portal connected (in the Meru 4100 controller you create a 'RADIUS' profile then configure the setups to use that profile, and both setups were using the same single 'RADIUS' profile).

    I wonder if there is some glitch with the Meru controller and using a shared secret that is too long or something like that.  I'll leave this question open temporarily to find out if this is a known bug.

    Author Comment

    No further information as to where the fault was, but recreating the shared secret did fix it.
