RADIUS w/ EAP-MSCHAPv2 Not Working with Microsoft NPS
Hello all, I will cut right to the chase:
This issue is also detailed on the TP-Link Omada Reddit page:
https://www.reddit.com/r/homelab/comments/16fbh84/re_tplink_omada_microsoft_nps_please_help_me_with/
----------------------------------------------------------------------------------------------------------------------------------------------------
Issue:
As it stands right now, I am trying to use my Windows laptop as a wired RADIUS supplicant, and I have my TP-Link Omada TL-SG3428 acting as the wired RADIUS client. I am using the Omada controller (virtual machine) to manage the switch. Users are to connect to the wired network and authenticate with their AD account credentials, so long as they are in the group "RADIUS users."
After numerous packet captures, log entries, and troubleshooting, I am at the following position every single time I attempt to connect to the network:
LOG ENTRY --->
-----------------------------------------------------------------------------------------------------------------------------------------------------
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: SELLHOUSE\TestUser4
Account Name: SELLHOUSE\TestUser4
Account Domain: SELLHOUSE
Fully Qualified Account Name: sellhouse.lan/DomainUsers/TestUser4
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: -
Calling Station Identifier: 54-EE-75-27-75-24
NAS:
NAS IPv4 Address: 10.17.93.8
NAS IPv6 Address: -
NAS Identifier: 54AF97051F6B
NAS Port-Type: Ethernet
NAS Port: 20
RADIUS Client:
Client Friendly Name: Omada Switch
Client IP Address: 10.17.93.8
Authentication Details:
Connection Request Policy Name: Omada
Network Policy Name: Omada RADIUS
Authentication Provider: Windows
Authentication Server: R510TestServer.sellhouse.lan
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 22
Reason: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
-----------------------------------------------------------------------------------------------------------------------------------------------------
I CANNOT MAKE THIS ERROR GO AWAY. I am attempting to use EAP-MSCHAPv2 to authenticate. It is configured this way on all devices that I can see. The issue is that Omada Controller only has PAP and EAP as options for the auth. protocol...but WHICH EAP PROTOCOL DOES IT MEAN BY THAT?
I am quite confused and am in need of some guidance. Pictures can be found in the links above. I can provide any further pictures or information that anybody needs to help me troubleshoot this.
-----------------------------------------------------------------------------------------------------------------------------------------------------
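For triaging denials like the one quoted above, here is an added example (not part of the original post, and not Microsoft or TP-Link code) that parses the event text into its sections and pulls out the fields that matter. The function names are hypothetical, and the sample is abridged from the post's log entry.

```python
import re

# Abridged from the log entry in the post above, flattened the same way.
SAMPLE_EVENT = r"""Network Policy Server denied access to a user.
User:
Account Name: SELLHOUSE\TestUser4
Client Machine:
Account Name: -
Calling Station Identifier: 54-EE-75-27-75-24
NAS:
NAS IPv4 Address: 10.17.93.8
NAS Port: 20
Authentication Details:
Network Policy Name: Omada RADIUS
Authentication Type: EAP
EAP Type: -
Reason Code: 22
Reason: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
"""

def parse_nps_event(text):
    """Parse the event text into {section: {field: value}}.

    A line that is only "Name:" opens a section; "Field: value" lines belong
    to the current section, so the two "Account Name" fields stay distinct.
    """
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"([^:]+):", line)
        field = re.fullmatch(r"([^:]+):\s+(.*)", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif field and current is not None:
            current[field.group(1)] = field.group(2)
    return sections

def summarize(sections):
    """Pull out the fields needed to triage a denied request."""
    auth = sections.get("Authentication Details", {})
    return {
        "user": sections.get("User", {}).get("Account Name"),
        "supplicant_mac": sections.get("Client Machine", {}).get("Calling Station Identifier"),
        "nas": sections.get("NAS", {}).get("NAS IPv4 Address"),
        "policy": auth.get("Network Policy Name"),
        "reason_code": int(auth.get("Reason Code", -1)),
        # "-" is how the event shows a field with no value recorded
        "eap_type_logged": auth.get("EAP Type", "-") != "-",
    }
```

Running `summarize(parse_nps_event(SAMPLE_EVENT))` on this entry shows reason code 22 with `eap_type_logged` false, matching the "Authentication Type: EAP" and "EAP Type: -" lines in the log.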