Hello, We would like to authenticate our users using a RADIUS-server, included in the NPS-server from Microsoft Server 2012 R2. They have to login using the 'Web Authentication' method.
The first problem (not actually a real problem) we encounter is we can not test the AAA-server from the Smartzone-portal. The same problem if we add an Active Directory Server. But this seems logic to me as we entered the internal ip-address from the RADIUS or AD-server. Authenication on premises works though.
The second problem is a bigger issue. I have setup a web authentication portal and linked this to our SSID. When a client connects, the authencation portal is displayed and users can logon. The radius accepts the request and the user is connected to our WiFi. Great.
BUT...I have to check CHAP in the NPS-constraints. If I don't do this, the authentication won't work. CHAP means that I have to store passwords in reverseable encryption. I have to check this in the user's properties (AD). CHAP is not my favourite encryption protocol because the passwords are encrypted in the reverse way. This gives a potential security leak.
Is it possible that Smartzone is not yet capable of using (P)EAP, MS-CHAP, ... in combination with a web authentication portal?