I'm trying to setup a wlan on microtik so that users will use their username/password in AD to connect.
I've got to the point where computers that are members of the domain (and has a certificate from the domain installed) will connect using the certificate and not ask for username/password. But I want this to work with computers/mobiles that are not members of the domain. I want them to type in their (domainname/)username/password.
I've got it working on a cisco AP using this guide:
http://jackstromberg.com/2013/05/tutori ... up-policy/
As it works on the cisco and not on the mikrotik I guess the radius server is setup correctly, and I think there must be something in the cisco config that I've missed when trying to do the same in mikrotik.
Here is what I have on the running config, the one that (unintentionally) works with domain certificate authentication, but not with (domain/)username/password authentication.
Code: Select all
/radius
add address=10.61.6.55 secret=password service=ppp,login,wireless src-address=10.61.6.216
/interface wireless security-profiles
add authentication-types=wpa-eap,wpa2-eap mode=dynamic-keys name="WIFIradius" radius-eap-accounting=yes radius-mac-mode=as-username-and-password supplicant-identity="WIFI216" tls-mode=dont-verify-certificate
/interface wireless
add disabled=no l2mtu=2290 mac-address=02:0C:42:6C:B8:AA master-interface=wlan1 name=C-WIFI security-profile="WIFIradius" ssid=testWIFI wds-cost-range=0 wds-default-cost=0
So it seems like the mikrotik sends some kind of certificate to the radius server, and not the username/password.Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.
Which setting am I missing?
I am glad its working for you now