Hi All,
I am having some problems with my IAP setup that I am hoping I can get some advice about.
I didn't have any problems creating an office network using PEAP/MSChapv2 802.1x authenticating against a 2012 r2 NPS server.
I also didn't have any problems creating a guest network that authenticates against the internal captive portal.
I was also able to add a NAS ID so that when the office network authenticates against NPS that it chooses the rule that applies and then authenticates with the office AD group.
Where I am having problems though, is having the guest network captive portal (redirects fine to the captive portal site) authenticate against the same NPS server.
I have two distinct NAS ID's (with different names in the IAP) pointing to the same NPS server, and as I said this all works fine with the office network. The captive portal posts fine to the secure site, but then after a bit, comes back with just a number that increments in the top left, with the site url now saying incorrect login. The NPS logs show no attempt to authenticate, and the IAP alerts tell me it was unable to communicate with the NPS but the setup for both authentication servers is IDENTICAL, other than the NAS ID so I am a little stumped. It's like the IAP isn't even trying to communicate with NPS and the firewall logs show no traffic. I have quadruple checked, and the only difference with the auth server on the IAP side is the NAS ID.
Hoping someone can point me in the right direction, thanks in advance.