Thursday, February 15, 2018

WiFI RADIUS Authentication using EAP-PEAP-MSCHAPv2

I am attempting to setup machine based authentication on a NPS RADIUS server using EAP-PEAP-MSCHAPv2. I understand that the NPS server needs a server certificate which we do have issued from Incommon. This is selected within the NPS PEAP settings to use the issued certificate installed on the server. On a Windows 8 client I configure the WiFi profile to use the SSID that is setup to use the NPS server from the WiFi controller. Whether I check to validate the certificate or not, connecting fails at the client and there is an error on the NPS server for the connection of “The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.” I am not sure if the certificate is the underlying issue with this error or not. While troubleshooting this for the past few hours I read how the certificate CA needs to be in the Trusted Root Certificate Store, which Incommon is not in the Trusted but in the Intermediate CA store. Just for testing purposes I did install the certificate issued from Incommon to the client and manually installed it to the Trusted Root store but that made no difference. Any thoughts on what could cause this? Thanks



No comments:

Post a Comment