09-22-2020 10:00 PM
Has anyone successfully integrated Radius Auth profile PEAP-MsCHAPv2 with NPS or any other Radius platform?
I have configured my Radius Auth Profile and attached relevant Cert profile to it as per below knowledgebase article.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmkRCAS
However we are unable to establish successful authentication attempt for global protect user on radius auth profile, If I changed the Radius auth type to PAP it works fine.
Below is the NPS setting used shared by team managing NPS
09-25-2020 04:04 PM
PEAP-MSCHAPv2 to work, a certificate will be required on the domain controller, which needs to be signed by an Internal PKI CA.
As you can see above that my DC01 has a certificate issued by my Root CA SOS.local
On the firewall side, you should have the following configuration:
From the screenshot above, we can see the certificate profile applied "PEAP-Cert", which will have by signing CA and authentication protocol is selected as PEAP-MSCHAPv2
After the config above, you can create an authentication profile with the RADIUS profile above an apply it to your Portal or gateway or both.
Hope that helps!
07-08-2021 10:19 AM
Hi Sakhan,
Im looking at your first screenshot which shows PEAP Properties, you have chosen "Microsoft: Protected EAP (PEAP)" and I was curious to know why you've also checked MSCHAPv2 under the less secure authentication methods. Is there a reason to that. In my setup I do not have anything checked under less secure authentication method and it works as intended.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
