I have a problem with RADIUS authentication. When I configure the authentication server with a RADIUS back-end, the server test passes, but user authentication with NAS-Identifier PPTP doesn't. My RADIUS configuration is like this link: "www.sophos.com/.../115050.aspx". The RADIUS event viewer reason log is "The connection request did not match any configured network policy." and the UTM authentication log shows me this reason: "the radius authentication Failed"
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: PDC.Test.local
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy."
I have a firewall with RADIUS configured as a backend to a W2012R2 NPS. I want to use it for SSL VPN. Users have to log in to the User Portal for this to get the config. When logging in to the User Portal and PAP is disabled on the NPS, the user is not logged in. "Invalid User or access denied by Policy".
When in the same policy PAP (unencrypted authentication!) is enabled, the user is able to log in.
Am I correct that this is normal behaviour?
Has this always been like this (or was it different with W2008, or did it work in older UTM versions without PAP)?
One of the reasons to use the SSL VPN is that it integrates so well with Active Directory. I would not use RADIUS for this application. When RADIUS is used with Wireless, PAP is not used and the password is encrypted - MS-CHAPv2, I think I remember.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005