Cannot get RADIUS (NPS) auth working with Web Authentication
12-18-2019 09:58 AM
Our goal: To have a single SSID that requires you to be a part of an AD group in order to connect. Upon connection you are brought to a web portal that you authenticate with AD credentials. If you're a member of the AD group, auth succeeds. If you're not, auth fails.
We currently have 802.1X set up for our main WLANs using RADIUS/NPS and that is working fine. We now have come to where we need a BYOD WLAN configured for a certain subset of users. I attempted to create a new network policy inside of NPS looking for the NAS-ID of the WLAN (custom ID) and the Network Policy looks at AD group membership. The Network Policy is using PAP/CHAP for this specific BYOD policy.
When assigning Web Authentication to the WLAN, all user login attempts fail with invalid Username/PW.
When assigning Hotspot WISPr profile to the WLAN, AD auth works as designed.
Why would I be seeing two different results for each portal type when they both use the same AAA server (SZ proxied)?
Thank you!
3 REPLIES
12-19-2019 10:16 PM
Hi Jnick,
On the NPS event viewer, we can check the entry for each authentication, check the Authentication Type and see if it is hitting the Network Policy, and check the reason at the end of the event page.
Under Network Policy >> Constraints >> Authentication Methods >> do you have MSCHAPv2 added in the EAP Types? Or just allowed PAP\CHAP?
I would compare both working and non-working events to get more information.
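The event comparison suggested in the reply above, as an added PowerShell example that is not part of the original thread: it pulls the policy, authentication type and reason fields from NPS Security-log events 6272 (access granted) and 6273 (access denied) and lists the fields that differ. The NAS-ID, policy name, sample values and the `New-SampleEventXml` helper are constructed for illustration and are not taken from the poster's environment.

```powershell
# Fields of NPS Security-log events 6272 (granted) and 6273 (denied) to compare.
$Fields = 'NASIdentifier', 'NetworkPolicyName', 'AuthenticationType', 'EAPType', 'ReasonCode', 'Reason'

function ConvertTo-NpsRecord {
    # Turn one event's XML into an object holding only the fields of interest.
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    $rec = [ordered]@{ EventId = [int]$doc.Event.System['EventID'].InnerText }
    foreach ($d in $doc.Event.EventData.Data) {
        $name = $d.GetAttribute('Name')
        if ($Fields -contains $name) { $rec[$name] = $d.InnerText }
    }
    [pscustomobject]$rec
}

function Compare-NpsRecord {
    # Emit one row per field whose value differs between the two attempts.
    param($Working, $Failing)
    foreach ($f in $Fields) {
        if ($Working.$f -ne $Failing.$f) {
            [pscustomobject]@{ Field = $f; Working = $Working.$f; Failing = $Failing.$f }
        }
    }
}

function New-SampleEventXml {
    # Hypothetical helper: builds a constructed event so the script runs offline.
    param([int]$Id, [hashtable]$Data)
    $body = ($Data.GetEnumerator() |
        ForEach-Object { "<Data Name='$($_.Key)'>$($_.Value)</Data>" }) -join ''
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
    "<System><EventID>$Id</EventID></System><EventData>$body</EventData></Event>"
}

# Constructed sample values (not from the thread): same WLAN and policy, two portal types.
$granted = New-SampleEventXml 6272 @{ NASIdentifier = 'BYOD-WLAN'; NetworkPolicyName = 'BYOD Portal'
    AuthenticationType = 'PAP'; EAPType = '-'; ReasonCode = '0'
    Reason = 'The operation completed successfully.' }
$denied = New-SampleEventXml 6273 @{ NASIdentifier = 'BYOD-WLAN'; NetworkPolicyName = 'BYOD Portal'
    AuthenticationType = 'MS-CHAPv2'; EAPType = '-'; ReasonCode = '66'
    Reason = 'The user attempted to use an authentication method that is not enabled on the matching network policy.' }

Compare-NpsRecord (ConvertTo-NpsRecord $granted) (ConvertTo-NpsRecord $denied) | Format-Table -AutoSize

# Live use on the NPS server, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6272, 6273 } |
#     ForEach-Object { ConvertTo-NpsRecord $_.ToXml() }
```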
12-20-2019 03:05 AM
I think Jnick wants to know why Web auth+AD is not working, so NPS policy and NPS event logs have nothing to do with it.
Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn
02-17-2020 09:12 AM
I'm trying to accomplish the same thing, but I'm unable to configure 802.1x in a Web Authentication WLAN. Can someone confirm that this is not possible, and possibly suggest an alternative?

