Hi,
I'm trying to understand 802.1X authentications using a Windows Server 2012. I've done a deep research on the internet but I've seen that this topic is still confusing for a lot of people, as I seem to find always different informations.
What's more confusing are actually all the settings inside the NPS, that keep repeating themselves but in different windows with different graphics, so I don't really understand their meaning.
For example, creating a policy using the standard configuration from the first NPS' menu, it asks me this:
I can see that there is PEAP and EAP-MSCHAPv2. First question: shouldn't I find EAP-TLS too?
But then, if I select PEAP and I click on "Configure" I get this window:
You can see below it says AGAIN "EAP-MS-CHAPv2" as "EAP type" of PEAP. What's the difference between this one and the previous one?
But it's not finished yet. Once I've finished to create the Policy, I can modify its properties on the Network Policies side and under "Conditions" I can find again this:
Again a lot of different authentication methods, among which there is PEAP too (but it was PEAP already, no??), all of them unselected.
And under that I can find also "Allowed EAP types" which AGAIN has PEAP and EAP-MS-CHAPv2:
And changing tab, under "Constraints", I will find this:
So, five times MS-CHAPv2 (and others)...and this really confuses me. Can someone please explain to me briefly all these options? MS-CHAPv2 and PEAP shouldn't be two different authentication methods? Why I see them separated or joined in every different window
of NPS?
Thank you in advance and sorry.