topic Virtual Smartzone - AAA server authentication in To Be Moved https://community.ruckuswireless.com/t5/To-Be-Moved/Virtual-Smartzone-AAA-server-authentication/m-p/14101#M875 Hello,<BR />We would like to authenticate our users using a RADIUS-server, included in the NPS-server from Microsoft Server 2012 R2. They have to login using the 'Web Authentication' method.<BR /><BR />The first problem (not actually a real problem) we encounter is we can not test the AAA-server from the Smartzone-portal. The same problem if we add an Active Directory Server. But this seems logic to me as we entered the internal ip-address from the RADIUS or AD-server. Authenication on premises works though.&nbsp;<BR /><BR />The second problem is a bigger issue. I have setup a web authentication portal and linked this to our SSID. When a client connects, the authencation portal is displayed and users can logon. The radius accepts the request and the user is connected to our WiFi. Great.<BR /><BR />BUT...I have to check CHAP in the NPS-constraints. If I don't do this, the authentication won't work. CHAP means that I have to store passwords in reverseable encryption. I have to check this in the user's properties (AD). CHAP is not my favourite encryption protocol because the passwords are encrypted in the reverse way. This gives a potential security leak.<BR /><BR />Is it possible that Smartzone is not yet capable of using (P)EAP, MS-CHAP, ... in combination with a web authentication portal? Thu, 16 Jun 2016 07:55:42 GMT geert_vancleef 2016-06-16T07:55:42Z Virtual Smartzone - AAA server authentication https://community.ruckuswireless.com/t5/To-Be-Moved/Virtual-Smartzone-AAA-server-authentication/m-p/14101#M875 Hello,<BR />We would like to authenticate our users using a RADIUS-server, included in the NPS-server from Microsoft Server 2012 R2. They have to login using the 'Web Authentication' method.<BR /><BR />The first problem (not actually a real problem) we encounter is we can not test the AAA-server from the Smartzone-portal. The same problem if we add an Active Directory Server. But this seems logic to me as we entered the internal ip-address from the RADIUS or AD-server. Authenication on premises works though.&nbsp;<BR /><BR />The second problem is a bigger issue. I have setup a web authentication portal and linked this to our SSID. When a client connects, the authencation portal is displayed and users can logon. The radius accepts the request and the user is connected to our WiFi. Great.<BR /><BR />BUT...I have to check CHAP in the NPS-constraints. If I don't do this, the authentication won't work. CHAP means that I have to store passwords in reverseable encryption. I have to check this in the user's properties (AD). CHAP is not my favourite encryption protocol because the passwords are encrypted in the reverse way. This gives a potential security leak.<BR /><BR />Is it possible that Smartzone is not yet capable of using (P)EAP, MS-CHAP, ... in combination with a web authentication portal? Thu, 16 Jun 2016 07:55:42 GMT https://community.ruckuswireless.com/t5/To-Be-Moved/Virtual-Smartzone-AAA-server-authentication/m-p/14101#M875 geert_vancleef 2016-06-16T07:55:42Z