Hello everyone
I'm having a really hard time configuring my wireless to work with PEAP-TLS.
I'm able to make it work with MSCHAPv2, but I don't want mobile devices that are outside my AD domain to connect in my wireless... so as far as I know TLS is the way to go, right?
Here is the error I get in the event viewer (FG-RD-TESTE and both the connection request policy and network policy names are right, TESTE_RADIUS).
RADIUS Client:
Client Friendly Name:FG-RD-TESTE
Client IP Address:172.19.60.14
Authentication Details:
Connection Request Policy Name:TESTE_RADIUS
Network Policy Name:TESTE_RADIUS
Authentication Provider:Windows
Authentication Server:VP-DHCP01.XXX.LOCAL
Authentication Type:MS-CHAPv2
EAP Type: -
Account Session Identifier:3137366262396334
Logging Results:Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
One of my problems (I don't know if it is really a problem, but I don't know why it is happening) is that when I try to connect to the Wifi, the authentication comes to the NPS as a Virtual (VPN) type, so in the NAS Port Type I have to mark Virtual (VPN), otherwise it won't work.
So my conditions are
NAS port type : VPN, Wireless, Wireless otherwise
Windows Group: Domain\Wifi_Group
Client IPv4 Address: 172.19.60.14
The 172.19.60.14 is the IP address of the wifi subnet gateway, all requests will arrive in the NPS with this source IP.
In the authentication methods, I configured "Microsoft: Protected EAP(PEAP)", and inside of it I configured the EAP type "Smart Card or other certificate".
My server certificate has the Server Authentication role, but I don't know how to find out which certificate my client (the client is in the domain) is using, so I can verify whether it has the Client Authentication set.
I don't know if there is something wrong, but in the event viewer the client seems to be using MSCHAPv2, and I need it to work via PEAP-TLS.
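One way to check which certificates on a domain-joined Windows client carry the Client Authentication purpose, as an added example that is not part of the original post. It assumes the candidate certificates live in the standard user and computer Personal stores; the column names in the report are made up for this example.

```powershell
# Added example (not from the original post). Run on the domain-joined client.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of the Client Authentication EKU
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'   # user and computer Personal stores
$now = Get-Date

$report = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Read the Enhanced Key Usage extension straight from the certificate.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @()
        if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        [pscustomobject]@{
            Store         = $store
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey      # required to authenticate with the cert
            InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            HasEkuExt     = [bool]$ekuExt            # False means no EKU extension at all
            ClientAuthEku = $ekuOids -contains $clientAuthOid
            # Chain check as seen from this client only; NPS validates the
            # chain against its own trusted roots.
            ChainOkHere   = $cert.Verify()
        }
    }
}

$report | Sort-Object Store, Subject | Format-Table -AutoSize -Wrap

# Flag the case where nothing in either store could serve as a client certificate.
$usable = $report | Where-Object { $_.ClientAuthEku -and $_.HasPrivateKey -and $_.InValidity }
if (-not $usable) {
    Write-Warning 'No certificate with Client Authentication EKU, a private key and a current validity period was found.'
}
```

Certificates in `Cert:\CurrentUser\My` are the ones available for user authentication and those in `Cert:\LocalMachine\My` for computer authentication, so run it as the user who connects to the wireless network.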