The wireless connection policy configured on your RADIUS server must be configured to use PAP as the authentication method when you are using the Sign-on Splash page feature with a customer hosted RADIUS server.
With PAP, user credentials are sent in plain text. However, in a Meraki network, user credentials are encrypted in an SSL tunnel when sent from the clients web browser to the Meraki Cloud. The Meraki Cloud acting as the RADIUS client sends the username and password along with other connection specific data in a RADIUS Access-request to the RADIUS server you specified in Dashboard. For security, the Meraki Cloud encrypts the password using the RADIUS shared secret and an XOR function. This ensures the users password is never transmitted in plain text.
To enable PAP as an accepted authentication method in the Microsoft Network Policy Server, please take the steps below.