Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

802.1x Authentication with Windows NPS

This thread has been viewed 72 times

  • 1.  802.1x Authentication with Windows NPS

    Posted Feb 07, 2019 03:42 AM

    Hi gays,

    I have an issue when configuring a 802.1x  PEAP authentication, the NPS service show error message 22 (the EAP type is cannot be processed by the server. 

     

    - The type of EAP used is PEAP

    - The AD Certificate Services is not deployed, I used ,insteed, a WildCard Public Certificate

    - Aruba MM v8 Architecture

    -NPS on windows server 2016 datacenter

     

    Could you please help me to fix the issue.

     

    Best regards

     



  • 2.  RE: 802.1x Authentication with Windows NPS

    MVP EXPERT
    Posted Feb 07, 2019 03:57 AM

    Code 22 usually means the NPS was unable to negotiate the use of an Extensible Authentication Protocol (EAP) type with the client computer. Are you certain that both your client and NPS server are correctly configured? Can you test the communication between the MD and the auth server using the below command?

     

    https://www.arubanetworks.com/techdocs/ArubaOS_6_5_3_X_Web_Help/Content/ArubaFrameStyles/1CommandList/aaa_test_server.htm



  • 3.  RE: 802.1x Authentication with Windows NPS

    EMPLOYEE
    Posted Feb 07, 2019 04:45 AM
    @Aghiles wrote:

    Hi gays,

    I have an issue when configuring a 802.1x  PEAP authentication, the NPS service show error message 22 (the EAP type is cannot be processed by the server. 

     

    - The type of EAP used is PEAP

    - The AD Certificate Services is not deployed, I used ,insteed, a WildCard Public Certificate

    - Aruba MM v8 Architecture

    -NPS on windows server 2016 datacenter

     

    Could you please help me to fix the issue.

     

    Best regards

     

    You have two issues here:

     

    1.  EAP Termination on ArubaOS is not supported (does not work and never has) with Windows IAS or NPS when using machine authentication.  Please disable termination in the 802.1x profile and use a certificate on the NPS server, instead for machine authentication to work.:

    https://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Local-Termination-kills-802-1x-Auth-for-computers-in-Active/td-p/13948

     

    2.  Using a wildcard certificate for 802.1x is not supported (does not work) for a number of clients.  It is a best practice to issue a Windows Server Certificate from your own Domain CA that all of your domain users already trust.

     

    Please see the document attached the post here:  https://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113 to see detailed info about setting up NPS.