Windows 10: AP unable to authenticate to RADIUS server

Discus and support AP unable to authenticate to RADIUS server in Windows 10 Network and Sharing to solve the problem; RADIUS is running on NPS Windows 2016 Datacenter AP is Meraki MR33 I have tried just about everything I can think of in this configuration and... Discussion in 'Windows 10 Network and Sharing' started by Lee.NSM, Aug 27, 2019.

  1. Lee.NSM Win User

    AP unable to authenticate to RADIUS server


    RADIUS is running on NPS Windows 2016 Datacenter

    AP is Meraki MR33



    I have tried just about everything I can think of in this configuration and cannot get a connection. I have looked over some of the other articles in the forum also but no success. If anyone can point out a flaw or something I have missed here it would be greatly appreciated! Config info is text and can attach screenshots if anyone needs them for reference for RADIUS server, GPO applied and Meraki config.





    Following NPS configuration information:



    NPS Server, WIN 2016 DC

    Enrolled in AD Services

    Certificate from CA applied

    RADIUS Clients: 10.0.0.0/8

    Manually Generated Shared Secret correct between devices

    Vendor Name as RADIUS Standard



    Connection Request Policies:

    Policy: enabled

    Type of server: unspecified



    Conditions:

    NAS Port type: Wireless IEEE 802.11 OR Wireless Other



    Settings:

    Authentication: authenticate requests on this server

    No Accounting

    Attribute type: Caller-Station-Id

    No other settings applied







    Network Policies:



    Policy: enabled

    Grant Access

    Ignore user account dial-in properties

    Type of server: unspecified



    Conditions:

    Wireless IEEE 802.11 OR Wireless Other

    User Groups: (domain name)\domain users and (domain name)\domain computers



    Constraints:

    Auth methods EAP Types (in listed order top to bottom): MS Secured Password EAP_CHAP v2, MS Protected EAP (PEAP,) MS Smart Card or other cert

    Idle Timeout, Session Timeout, CallerStation ID and day/time restrictions not configured/default

    NAS Port Type: Wireless IEEE 802.11 OR Wireless Other



    Settings:

    Framed Protocol: PPP

    Service Type: Framed

    Vendor specific: none

    BAP: server settings determine...

    IP filters: none

    Encryption: 40, 56 and 128 checked, no encryption is NOT checked

    IP Settings: Server settings determines...



    GPO: no inheritance from other GPO's and only GPO in the test OU



    Comp config-Security-wireless-new

    Policy Name: RADIUS-TEST



    Properties:

    General Tab: Policy name and description same name

    Use Windows WLAN autoconfig service for clients CHECKED

    SSID "RADIUSTEST"

    Network Permissions:

    Infrastructure

    Allow

    NO other boxes checked



    SSID Profile RADIUSTEST:

    Connection tab: SSID RADIUSTEST

    all Connect boxes checked

    Security tab:

    WPA2-Enterprise

    AES_CCMP

    Network auth method: PEAP -Properties: Verify server, cert server is checked, tell if server cant be identified, auth method is EAP-MSCHAP v2 -Advanced: PMK caching is only box checked

    Auth mode: User or computer

    Cache information is checked





    Meraki config:



    MR33 AP connected to MX67

    AP has static internal address assigned

    Gateway is correct



    SSID: RADIUSTEST

    WPA2-Enterprise with my RADIUS server

    WPA encryption: 1 and 2 allowed

    802.11 r/w: disabled

    No splash page

    Radius server IP, port 1812, shared secret from NPS



    No accounting, proxy or group policies

    Bridge mode

    VLAN tagging

    VLAN ID: # for wireless vlan on appliance

    Ignore VLAN attributes in RADIUS responses

    No Content filter or Bonjour forwarding




    Receiving the following errors regarding the policies that are setup. Going through the policies I cannot seem to find what I have configured incorrectly though.



    Event ID 20153 Error

    The currently configured accounting provider failed to load and initialize successfully. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.



    Event ID 20269 Warning

    CoId={NA}: The user failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.





    Also received an Error 18 for bad shared secret, but I have double checked that also and, if it was incorrect for some reason previously, has been updated. Not seeing 18 at this time, but others are creating with each attempt.



    Looking into the certificate also. Had an issue regarding multiple SAN entries in the template to include using the specific IP of the server. Primary name is correct though.



    Lots of moving parts here I know, I appreciate any and all assistance!



    :)
     
    Lee.NSM, Aug 27, 2019
    #1

  2. wlan + radius authentication

    Hello,

    i dont know what types of radius server your using? what types of security? enabled Proxcy? MS radius server or another party server? AP is configured to support radius server? Does your radius server support your Nokia Phone ?

    so many questions in my mind and everything must be configured in order to be able to connect to radius server.

    for the Better solution contact your Network Administrator he/she can connect you to radius server.

    thanks
     
    downloader---01, Aug 27, 2019
    #2
  3. A RADIUS message was received from RADIUS client 192.x.x.x with an invalid authenticator

    Hello Team,

    I am getting "A RADIUS message was received from RADIUS client 192.x.x.x with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server
    snap-in and the configuration of the network access server"

    But I updated the shared key as well but no luck.

    Thanks,

    Shailendra V
     
    Shailendra.Vishwakar, Aug 27, 2019
    #3
  4. AP unable to authenticate to RADIUS server

    Configure RADIUS to authenticate using a user certificate

    How do I configure my RADIUS server to allow client machines to authenticate to WIFI using a user certificate instead of the Domain Controller certificate?
     
    Islam Morad, Aug 27, 2019
    #4
Thema:

AP unable to authenticate to RADIUS server

Loading...
  1. AP unable to authenticate to RADIUS server - Similar Threads - unable authenticate RADIUS

  2. Windows Endpoint stop sending RADIUS Authentication

    in AntiVirus, Firewalls and System Security
    Windows Endpoint stop sending RADIUS Authentication: Dear Team,We have many endpoint enabled RADIUS authentication via our NAC Solution Forescout. Around 2000+ Endpoints are authenticated via EAP-TLS Certificate but during Friday Morning, We noticed that many endpoint start failing authentication and try to use MAC Address to...
  3. Radius serer + WLC and Client Certificate Authentication

    in Windows 10 Software and Apps
    Radius serer + WLC and Client Certificate Authentication: Hello people,We have an issue with our radius server.I will explain what is our goal and what configuration we have so far: Our goal is to authenticate clients in the domain using WLC and Client Certificate Authentication. Each client in our domain has a unique personal...
  4. Radius authentication not working on some computers since move to server 2019

    in Windows 10 Gaming
    Radius authentication not working on some computers since move to server 2019: I have Meraki AP's and am using radius for authentication. We were using server 2012 R2 and everything was fine. I stood up new 2019 DC's and migrated the radius configuration to the new DC. Now some computers will not connect to radius. In the event viewer logs I am getting...
  5. Radius authentication not working on some computers since move to server 2019

    in Windows 10 Network and Sharing
    Radius authentication not working on some computers since move to server 2019: I have Meraki AP's and am using radius for authentication. We were using server 2012 R2 and everything was fine. I stood up new 2019 DC's and migrated the radius configuration to the new DC. Now some computers will not connect to radius. In the event viewer logs I am getting...
  6. Radius authentication not working on some computers since move to server 2019

    in Windows 10 Software and Apps
    Radius authentication not working on some computers since move to server 2019: I have Meraki AP's and am using radius for authentication. We were using server 2012 R2 and everything was fine. I stood up new 2019 DC's and migrated the radius configuration to the new DC. Now some computers will not connect to radius. In the event viewer logs I am getting...
  7. AAA Radius Server

    in Windows 10 Software and Apps
    AAA Radius Server: Dear Team,I have already AD server. I want to install AAA radius server on the another domain connect computer.Can it be installed on the domain computer and not on the AD computer?...
  8. AAA Radius Server

    in Windows 10 Gaming
    AAA Radius Server: Dear Team,I have already AD server. I want to install AAA radius server on the another domain connect computer.Can it be installed on the domain computer and not on the AD computer?...
  9. Windows 11 22H2 cannot authentication with 802.1x radius authentication server.

    in Windows 10 Gaming
    Windows 11 22H2 cannot authentication with 802.1x radius authentication server.: We try connnect wifi with security 802.1x authentication but it show can't connect this network and as I check the log on Wireless controller show that terminal not respond to radius server after EAP connect. How we can solve this issue because windows 10 can connect normally...
  10. Windows 11 22H2 cannot authentication with 802.1x radius authentication server.

    in Windows 10 Software and Apps
    Windows 11 22H2 cannot authentication with 802.1x radius authentication server.: We try connnect wifi with security 802.1x authentication but it show can't connect this network and as I check the log on Wireless controller show that terminal not respond to radius server after EAP connect. How we can solve this issue because windows 10 can connect normally...