NPS 2012 and WiKID - Unknown EAP Authentication Type

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

NPS 2012 and WiKID - Unknown EAP Authentication Type

thassler
Trying to get NPS 2012 and WiKID to work in authenticating wireless users. I've followed the 'How to configure NPS 2012 for two-factor authentication' guide but I'm getting the following error in the WiKID log:

2016-09-18 22:32:27.308 INFO com.wikidsystems.radius.log.DBSvrLogImpl <2> Access-Request(1) LEN=154 172.1x.x.xx:62882 Access-Request by xxxxxx Failed: AccessRejectException: Unknown EAP authentication type requested: NAK[3]
2016-09-18 22:32:27.304 INFO com.wikidsystems.radius.access.WikidAccess4 Access denied for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:27.146 INFO com.wikidsystems.radius.log.DBSvrLogImpl <1> Access-Challenge(11) LEN=153 172.1x.x.xx:62882 Access-Request by xxxxxx resulted in Access-Challenge.
2016-09-18 22:32:27.100 INFO com.wikidsystems.radius.access.WikidAccess4 Access granted for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:15.587 INFO com.wikidsystems.server.DeviceTransactionExec Issued passcode to device -3555902706606654610

In the NPS connection policy, I can change the 'Authentication' back to 'Authenticate requests on this server' and I can then connect using my AD credentials. If I change it back to 'Forward request to the following remote RADIUS server group for authentication:' I will get the above error about Unknown EAP authentication type.

Any ideas on what I'm doing wrong?

Reply | Threaded
Open this post in threaded view
|

Re: NPS 2012 and WiKID - Unknown EAP Authentication Type

Nick Owen
Administrator

I'm not sure.  We should support all radius flavors.

Is there a way to specify the eap type on your wireless equipment?


On Sep 18, 2016 11:57 PM, "thassler [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Trying to get NPS 2012 and WiKID to work in authenticating wireless users. I've followed the 'How to configure NPS 2012 for two-factor authentication' guide but I'm getting the following error in the WiKID log:

2016-09-18 22:32:27.308 INFO com.wikidsystems.radius.log.DBSvrLogImpl <2> Access-Request(1) LEN=154 172.1x.x.xx:62882 Access-Request by xxxxxx Failed: AccessRejectException: Unknown EAP authentication type requested: NAK[3]
2016-09-18 22:32:27.304 INFO com.wikidsystems.radius.access.WikidAccess4 Access denied for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:27.146 INFO com.wikidsystems.radius.log.DBSvrLogImpl <1> Access-Challenge(11) LEN=153 172.1x.x.xx:62882 Access-Request by xxxxxx resulted in Access-Challenge.
2016-09-18 22:32:27.100 INFO com.wikidsystems.radius.access.WikidAccess4 Access granted for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:15.587 INFO com.wikidsystems.server.DeviceTransactionExec Issued passcode to device -3555902706606654610

In the NPS connection policy, I can change the 'Authentication' back to 'Authenticate requests on this server' and I can then connect using my AD credentials. If I change it back to 'Forward request to the following remote RADIUS server group for authentication:' I will get the above error about Unknown EAP authentication type.

Any ideas on what I'm doing wrong?




To start a new topic under Support, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: NPS 2012 and WiKID - Unknown EAP Authentication Type

Nick Owen
Administrator
In reply to this post by thassler

Did you get this figured out?


On Sep 19, 2016 7:22 AM, "Nick Owen" <[hidden email]> wrote:

I'm not sure.  We should support all radius flavors.

Is there a way to specify the eap type on your wireless equipment?


On Sep 18, 2016 11:57 PM, "thassler [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Trying to get NPS 2012 and WiKID to work in authenticating wireless users. I've followed the 'How to configure NPS 2012 for two-factor authentication' guide but I'm getting the following error in the WiKID log:

2016-09-18 22:32:27.308 INFO com.wikidsystems.radius.log.DBSvrLogImpl <2> Access-Request(1) LEN=154 172.1x.x.xx:62882 Access-Request by xxxxxx Failed: AccessRejectException: Unknown EAP authentication type requested: NAK[3]
2016-09-18 22:32:27.304 INFO com.wikidsystems.radius.access.WikidAccess4 Access denied for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:27.146 INFO com.wikidsystems.radius.log.DBSvrLogImpl <1> Access-Challenge(11) LEN=153 172.1x.x.xx:62882 Access-Request by xxxxxx resulted in Access-Challenge.
2016-09-18 22:32:27.100 INFO com.wikidsystems.radius.access.WikidAccess4 Access granted for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:15.587 INFO com.wikidsystems.server.DeviceTransactionExec Issued passcode to device -3555902706606654610

In the NPS connection policy, I can change the 'Authentication' back to 'Authenticate requests on this server' and I can then connect using my AD credentials. If I change it back to 'Forward request to the following remote RADIUS server group for authentication:' I will get the above error about Unknown EAP authentication type.

Any ideas on what I'm doing wrong?




To start a new topic under Support, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: NPS 2012 and WiKID - Unknown EAP Authentication Type

Nick Owen
Administrator
In reply to this post by thassler
I am sorry  - it turns out that we do not support PEAP.  We do MS-CHAP V2 should work.     PAP, CHAP, MSCHAP, MSCHAP2, EAPMD5, EAPT and LEAP are supported.​

On Wed, Sep 28, 2016 at 2:37 AM, Nick Owen <[hidden email]> wrote:

Did you get this figured out?


On Sep 19, 2016 7:22 AM, "Nick Owen" <[hidden email]> wrote:

I'm not sure.  We should support all radius flavors.

Is there a way to specify the eap type on your wireless equipment?


On Sep 18, 2016 11:57 PM, "thassler [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:
Trying to get NPS 2012 and WiKID to work in authenticating wireless users. I've followed the 'How to configure NPS 2012 for two-factor authentication' guide but I'm getting the following error in the WiKID log:

2016-09-18 22:32:27.308 INFO com.wikidsystems.radius.log.DBSvrLogImpl <2> Access-Request(1) LEN=154 172.1x.x.xx:62882 Access-Request by xxxxxx Failed: AccessRejectException: Unknown EAP authentication type requested: NAK[3]
2016-09-18 22:32:27.304 INFO com.wikidsystems.radius.access.WikidAccess4 Access denied for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:27.146 INFO com.wikidsystems.radius.log.DBSvrLogImpl <1> Access-Challenge(11) LEN=153 172.1x.x.xx:62882 Access-Request by xxxxxx resulted in Access-Challenge.
2016-09-18 22:32:27.100 INFO com.wikidsystems.radius.access.WikidAccess4 Access granted for xxxxxx, domain code: xxxxxxxxxxxx client: /172.1x.x.xx
2016-09-18 22:32:15.587 INFO com.wikidsystems.server.DeviceTransactionExec Issued passcode to device -3555902706606654610

In the NPS connection policy, I can change the 'Authentication' back to 'Authenticate requests on this server' and I can then connect using my AD credentials. If I change it back to 'Forward request to the following remote RADIUS server group for authentication:' I will get the above error about Unknown EAP authentication type.

Any ideas on what I'm doing wrong?




To start a new topic under Support, email [hidden email]
To unsubscribe from WiKID Strong Authentication Forums, click here.
NAML



--
Nick Owen  --  WiKID Systems, Inc.
http://www.wikidsystems.com
On-premises Two-Factor Authentication
http://twitter.com/wikidsystems | #wikid on freenode.net
Get our low-volume newsletter - Notices, updates : http://eepurl.com/zzUeP