How do I configure Network Policy Server to authenticate Web Captive Portal requests for wireless?

I need assistance setting up a Windows 2008 Network Policy Server to be used as a RADIUS server for a Web Captive Portal used to authenticate users allowed to connect to a wireless network.
I have PEAP set up and operational for domain joined workstations, but I need a separate authentication method set up for non-domain clients and so I created a separate WiFi network to use Captive Portal web authentication, but I can't get the portal to successfully authenticate the user attempting to connect.
Asked by: byt3
 
byt3 (Author) commented:
Well, turns out there was something goofed up on the Meru 4100 somehow.  I changed the shared secret between the Meru mobility controller and the Network Policy Server and then everything started working.

I originally had the Network Policy Server console generate a random shared secret to use, and so I copied and pasted it into the RADIUS settings in the Meru controller.  The reason this didn't strike me as the issue to begin with is that the shared secret wasn't a problem when the stations using PEAP connected, only when the clients using the web captive portal connected (in the Meru 4100 controller you create a 'RADIUS' profile, then configure the setups to use that profile, and both setups were using the same single 'RADIUS' profile).

I wonder if there is some glitch with the Meru controller and using a shared secret that is too long or something like that.  I'll leave this question open temporarily to find out if this is a known bug.
 
byt3 (Author) commented:
More Information:

I have done more digging and found that when the RADIUS client (Meru 4100 Controller) sends the access request, the Network Policy Server doesn't respond.  In the event view I found "An Access-Request message was received from RADIUS client <ip address> with a message authenticator request attribute that is not valid." It appears as though the 'message authenticator attribute' is invalid and therefore the NPS doesn't respond at all (proper behaviour according to the RFC article from what I understand).

Domain joined computers are configured with certificates and those computers have no problem joining the domain using an SSID that authenticates using PEAP and does not cause the NPS to get the error about the message authenticator attribute.
I only have this problem when the web captive portal from the Meru 4100 mobility controller tries to authenticate the credentials the user enters in.
 
byt3 (Author) commented:
No further information as to where the fault was, but recreating the shared secret did fix it.
Question has a verified solution.
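
Added example, not part of the original thread and not Meru or Microsoft code: a Python sketch of the check behind the NPS event quoted above, recomputing the RADIUS Message-Authenticator (attribute 80, HMAC-MD5 keyed with the shared secret over the packet with that attribute zeroed, per RFC 2869) to show that any difference in the secret makes the server reject the request. The sample secret, the `guest` user name and the two mismatch variants are constructed for illustration; the thread never established how the controller's copy of the secret actually differed.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 section 5.14
SAMPLE_SECRET = b"constructed-lab-secret-" + b"0123456789abcdef" * 3  # constructed

def build_access_request(secret: bytes, user: bytes, ident: int = 1) -> bytes:
    """Build a minimal Access-Request the way a RADIUS client signs it."""
    attrs = bytes([1, 2 + len(user)]) + user                  # User-Name
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)   # zeroed placeholder
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    # HMAC-MD5 over the whole packet while the attribute value is still zero
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def verify_message_authenticator(secret: bytes, packet: bytes) -> bool:
    """Server-side check: zero the attribute value, recompute, compare."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    buf = bytearray(packet[:length])
    pos = 20
    while pos + 2 <= length:
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            received = bytes(buf[pos + 2:pos + 18])
            buf[pos + 2:pos + 18] = bytes(16)
            expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return False  # attribute absent

def check_variants(server_secret: bytes) -> dict:
    """Sign with hypothetical client-side copies of the secret, verify as server."""
    variants = {"identical": server_secret,
                "truncated to 32 bytes": server_secret[:32],
                "trailing space from paste": server_secret + b" "}
    return {name: verify_message_authenticator(
                server_secret, build_access_request(s, b"guest"))
            for name, s in variants.items()}

if __name__ == "__main__":
    for name, ok in check_variants(SAMPLE_SECRET).items():
        print(f"{name:28s} -> {'valid' if ok else 'not valid (request dropped)'}")
```

Only the byte-identical secret verifies, which is why retyping or regenerating the secret on both sides is a quick first check when this event appears.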