Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 3638 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Creates users with mac address

M8ey

Hey guys,

 

I have this weird issue with my XG.

Using STAS and also RADIUS SSO for Authentication. My domain users get authenticated (most of the time) and the wireless devices (Laptops, iOS etc) use RADIUS to pass their credentials to the XG. I can see in the Logs that the RADIUS SSO users get authenticated fine also.

I have noticed that randomly devices are being created with a new username in Users - the MAC Address of the device is the username (not the actual Auth name)

Why would this happen? Its like it cannot find the username that was used to authenticate with.

 

I am using Meraki WiFi and Server 2016 NPS / RADIUS. The devices authenticate and pass web traffic Ok so its working but cant see why the XG pulls there mac address as a username

 

Any clue where to look?



This thread was automatically locked due to age.
  • 0

    I believe I worked out what was causing this.

    I use Server 2016 NPS / RADIUS and all Wireless AP's Meraki MR18 / MR33 range. In the Meraki settings you can enable 802.1r technology:

     

    Cisco + Apple have co-developed an adaptive roaming technology for iOS devices to improve real-time application experience on enterprise networks. Adaptive 802.11r enables fast roaming for iOS devices detected by the Meraki Access Points while minimizing the possibility of incompatibility issues seen with full 802.11r enabled

     

    So basically it would appear as each Client was handed off to another AP and not forced to Re-Authenticate to save time and it lost its credentials and used the UniqueID out of DHCP to identify the client which then went back via RADIUS accounting and the XG Picked it up and created a user with the MAC address. I can only assume UniqueID out of DHCP as the username being created was not a standard MAC address format of 00-00-00-00-00-00 but rather 0000000000

     

    I have disabled Adaptive 802.1r on the Meraki AP's and the issue has gone away.

    Not sure of a work around yet as I would prefer to use 802.1r but if the Meraki AP /Sophos / NPS reads it wrong its causing more trouble then benefits given