Cannot get RADIUS (NPS) auth working with Web Authentication

john_nicoletti
New Contributor
Our goal: To have a single SSID that requires you to be a part of an AD group in order to connect. Upon connection you are brought to a web portal that you authenticate with AD credentials. If you're a member of the AD group, auth succeeds. If you're not, auth fails.

We currently have 802.1X set up for our main WLANs using RADIUS/NPS and that is working fine. We have now come to where we need a BYOD WLAN configured for a certain subset of users. I attempted to create a new network policy inside of NPS looking for the NAS-ID of the WLAN (custom ID), and the Network Policy looks at AD group membership. The Network Policy is using PAP/CHAP for this specific BYOD policy.

When assigning Web Authentication to the WLAN, all user login attempts fail with invalid Username/PW. 

When assigning Hotspot WISPr profile to the WLAN, AD auth works as designed.

Why would I be seeing two different results for each portal type when they both use the same AAA server (SZ proxied)?

Thank you!

3 REPLIES

sanjay_kumar
RUCKUS Team Member
Hi Jnick,

In the NPS Event Viewer, we can check the entry for each authentication: check the Authentication Type, see if it is hitting the Network Policy, and check the reason at the end of the event page.

Under Network Policy >> Constraints >> Authentication Methods >> do you have MSCHAPv2 added in the EAP Types, or just allowed PAP\CHAP?

I would compare both working and non-working events to get more information.
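
The comparison suggested in the reply above, as an added example that is not part of the original thread or RUCKUS tooling: it pulls NPS grant (6272) and deny (6273) events from the Security log and lines up the authentication type, matched policy and reason for one WLAN. It assumes NPS auditing is enabled, that it is run elevated on the NPS server, and `$NasId` is a constructed placeholder for the WLAN's custom NAS-ID.

```powershell
# Added example: compare NPS grant (6272) and deny (6273) events for one WLAN.
# $NasId is a constructed placeholder; replace it with the WLAN's custom NAS-ID.
$NasId = 'BYOD-NAS-ID-PLACEHOLDER'
$Since = (Get-Date).AddHours(-4)   # look-back window, adjust as needed

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272, 6273
    StartTime = $Since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Turn the event's named <Data> elements into a lookup table.
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # Keep only requests that arrived with this WLAN's NAS-ID.
    if ($d['NASIdentifier'] -ne $NasId) { continue }

    [pscustomobject]@{
        Time       = $e.TimeCreated
        Result     = if ($e.Id -eq 6272) { 'Granted' } else { 'Denied' }
        User       = $d['SubjectUserName']
        Policy     = $d['NetworkPolicyName']
        AuthType   = $d['AuthenticationType']
        EapType    = $d['EAPType']
        ReasonCode = $d['ReasonCode']   # present on denied (6273) events
        Reason     = $d['Reason']
    }
}

# Per-request view: the Web Authentication attempts and the Hotspot (WISPr)
# attempts can be compared row by row.
$rows | Sort-Object Time | Format-Table -AutoSize -Wrap

# Summary view: which authentication type and policy each outcome used.
$rows | Group-Object Result, AuthType, Policy, ReasonCode |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

If the two portal types show a different AuthType or a different matched Policy for the same user, that difference is the place to look in the Network Policy's Authentication Methods.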

syamantakomer
Community Admin
I think Jnick wants to know why Web auth+AD is not working, so NPS policy and NPS event logs have nothing to do with it.

Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!

nickzourdos
Contributor
I'm trying to accomplish the same thing, but I'm unable to configure 802.1x in a Web Authentication WLAN. Can someone confirm that this is not possible, and possibly suggest an alternative?