ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Has anyone successfully integrated Radius Auth profile PEAP-MsCHAPv2 with NPS or any other Radius platform?
I have configured my Radius Auth Profile and attached relevant Cert profile to it as per below knowledgebase article.
However we are unable to establish successful authentication attempt for global protect user on radius auth profile, If I changed the Radius auth type to PAP it works fine.
Below is the NPS setting used shared by team managing NPS
PEAP-MSCHAPv2 to work, a certificate will be required on the domain controller, which needs to be signed by an Internal PKI CA.
As you can see above that my DC01 has a certificate issued by my Root CA SOS.local
On the firewall side, you should have the following configuration:
From the screenshot above, we can see the certificate profile applied "PEAP-Cert", which will have by signing CA and authentication protocol is selected as PEAP-MSCHAPv2
After the config above, you can create an authentication profile with the RADIUS profile above an apply it to your Portal or gateway or both.
Hope that helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!