Hello,
For the past couple days I’ve been trying to get a new NPS/Radius configuration set up for use with a Netgear WNDR3700 wireless router. This is my first attempt at setting up such a configuration so there may be some obvious items I may have missed.
I started with setting up the NPS server (Server 2008 R2 Ent) on a VM and registering it with AD. I didn’t add the network policies to NPS as I didn’t have the router configured yet. Next thing was the router and WAP set up. I configured the Netgear to use WPA2 Enterprise authentication through RADIUS and pointed to the new NPS server. I also configured the friendly name and IP addressing. Then on the NPS server, I configured the RADIUS client, Network Policy and Connection Request Policy for the appropriate friendly name.
For the network policy, I have set access permissions to grant access and ignore user account dial-in properties. Under conditions, I have only allowed the Wireless group in my AD, which includes myself as a user. For constraints I have MS Protected EAP added to EAP types; I have also checked MSCHAPv2 and MS-CHAP as well as Unencrypted Authentication.
Next step was setting up the CA. Because the NPS role isn’t installed on the PDC, I needed to set this up as a subordinate CA. I added the subordinate CA role, and created the necessary certificate templates for Users, Computers and IAS and RAS Server and issued them out. I then configured the GPO settings for autoenroll and ran a gpupdate on the server. The certificates were issued and now it was time for testing.
When attempting to connect to the WAP, I am unable to authenticate. I’m getting an error code 22 in the NPS server event log stating: “The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.” After doing some research, most answers point to certificate problems. The server has been issued the IAS and RAS certificate and my user name and laptop have also received the proper certificate. I have tested authentication through the firewall and it authenticates no problem with its client set up, but it also doesn’t require certificates.
At this point, I'm trying to determine where I may have gone wrong with certificates, but I'd really appreciate any help I can get!