Radius Auth Profile with PEAP-MsCHAPv2

L1 Bithead

Has anyone successfully integrated a Radius Auth profile using PEAP-MsCHAPv2 with NPS or any other Radius platform?

I have configured my Radius Auth Profile and attached the relevant Cert profile to it as per the knowledge base article below.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmkRCAS

However, we are unable to establish a successful authentication attempt for a GlobalProtect user on the Radius auth profile. If I change the Radius auth type to PAP, it works fine.

Below is the NPS setting used, shared by the team managing NPS:

NamalW_0-1600837232072.png

L2 Linker

For PEAP-MSCHAPv2 to work, a certificate will be required on the domain controller, which needs to be signed by an internal PKI CA.


windowsNPS.png

As you can see above, my DC01 has a certificate issued by my Root CA SOS.local.

On the firewall side, you should have the following configuration:


radius-mschap.png

From the screenshot above, we can see the certificate profile applied, "PEAP-Cert", which will have my signing CA, and the authentication protocol is selected as PEAP-MSCHAPv2.

After the config above, you can create an authentication profile with the RADIUS profile above and apply it to your Portal or gateway or both.

Hope that helps! 
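
One way to check the certificate relationship described in this answer before switching the profile from PAP to PEAP-MSCHAPv2, as an added example that is not part of the original thread: it verifies that the RADIUS server's certificate chains to the CA placed in the firewall's certificate profile. The function names, file names and the throwaway demo PKI are assumptions; in practice, export the NPS server certificate and the signing CA to PEM and pass those files instead.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Requires the openssl CLI.

# check_peap_server_cert CA_PEM SERVER_PEM
# Returns 0 if SERVER_PEM would be trusted by a client that trusts only CA_PEM.
check_peap_server_cert() {
    ca_file=$1; cert_file=$2
    # 1. Chain and validity period: must verify against the trusted CA for server use.
    openssl verify -CAfile "$ca_file" -purpose sslserver "$cert_file" >/dev/null 2>&1 \
        || { echo "FAIL: not issued by the trusted CA, expired, or wrong purpose"; return 1; }
    # 2. Server Authentication EKU must be present explicitly
    #    (a usual requirement for PEAP server certificates; not mentioned in the thread).
    openssl x509 -in "$cert_file" -noout -text | grep -q "TLS Web Server Authentication" \
        || { echo "FAIL: no Server Authentication EKU"; return 2; }
    echo "OK: $(openssl x509 -in "$cert_file" -noout -subject)"
}

# make_demo_pki DIR
# Constructed throwaway CA and server certificate, only so the check can run offline.
make_demo_pki() {
    d=$1
    cat >"$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[srv]
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ext.cnf" \
        -extensions ca -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -config "$d/ext.cnf" \
        -subj "/CN=nps.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -extensions srv \
        -out "$d/srv.pem" 2>/dev/null
}

# Demo run with constructed certificates.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
check_peap_server_cert "$demo_dir/ca.pem" "$demo_dir/srv.pem"
```

A return code of 1 here points at the same mismatch the answer warns about: the CA in the certificate profile is not the one that signed the RADIUS server's certificate.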
