Hello friends,
we have got this problem with our 411AH.
We need use PEAP authentication...
If we try connect to our radius server (IAS Radius server), we cannot connect and in system log is this message:
User domain_name\user.name was denied access.
Fully-Qualified-User-Name = domain/.../User Name
NAS-IP-Address = 192.168.40.150
NAS-Identifier = MikroTik Wifi I.
Called-Station-Identifier = MAC_ADDRESS_OF_MT:SSID
Calling-Station-Identifier = MAC_ADDRESS_OF_CLIENT
Client-Friendly-Name = MikroTik Wifi I.
Client-IP-Address = 192.168.40.150
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = MIKROTIK
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 66
Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy.
There is print of MT Radius settings:
Flags: X - disabled
# SERVICE CALLED-ID DOMAIN ADDRESS SECRET
0 ppp 192.168.x.x Secret
login
hotspot
wireless
dhcp
Print of interfaces:
Flags: X - disabled, R - running, D - dynamic, S - slave
# NAME TYPE MTU
0 MikroTik Wifi I. wlan 1500
1 R Local ether 1500
Print of wireless:
Flags: X - disabled, R - running
0 name="MikroTik Wifi I." mtu=1500 mac-address=xx:xx:xx:xx:xx:xx
arp=enabled interface-type=Atheros AR5413 mode=ap-bridge
ssid="SSID" frequency=2457 band=2.4ghz-b/g scan-list=default
antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none
wds-ignore-ssid=no default-authentication=yes default-forwarding=no
default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no
security-profile=SecPro compression=no
Security profile:
name="XXX" mode=dynamic-keys authentication-types=wpa2-eap
unicast-ciphers=aes-ccm group-ciphers=aes-ccm
supplicant-identity="MikroTik Wifi I." eap-methods=passthrough
tls-mode=verify-certificate tls-certificate=none static-algo-0=none
static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none
static-key-2="" static-algo-3=none static-key-3=""
static-transmit-key=key-0 static-sta-private-algo=none
static-sta-private-key="" radius-mac-authentication=no
radius-mac-accounting=no radius-eap-accounting=yes interim-update=0s
radius-mac-format=XX:XX:XX:XX:XX:XX
Have you got any idea? Thanks for help...