Hi,
Configuring PPTP on firewall (v7.504) to use Radius to backend Windows 2008 Server. Have configured Radius (NPS) on 2k8 server and also under Users\Auth\Servers on firewall. If I click 'Test' for server settings, it works fine. However if I add a test user, choose pptp and click 'Test', it fails with:
User authentication:
Radius authentication failed
User is a member of the following groups:
No groups have been found for this user
Under NPS on the Windows 2008 server, I have left the default connection request policy as is, and under the Network Policies node, have added a new policy that has conditions:
NAS Identifier: pptp
Windows Groups: DOMAIN\Radius Users
I have settings as:
Access Permission: Grant Access
Authentication Method: MS-CHAP v1 OR MS-CHAP v2
NAP Enforcement: Allow full network access
Update Noncompliant Clients: True
Framed-Protocol: PPP
Service-Type: Framed
BAP Percentage of Capacity: Reduce Multilink if server reaches 50% for 2 minutes
Encryption: Strongest encryption (MPPE 128-bit)
Most of the above settings are the defaults.
Any ideas why I'm getting this error when testing authentication??? The test user is a member of the group under AD.
As a test, if I alter the default Connection request policy ("Use Windows authentication for all users") on the Windows 2008 Server, under Settings tab, Authentication and change from "Authenticate requests on this server" to "Accept users without validating credentials" then click 'Test' from the Astaro, it passes and comes back with the correct user groups. Of course, this simply verifies that its something to do with the configuration under NPS as opposed to the Astaro. I just can't quite figure out what I'm doing wrong. I've tried testing with username, username@domain, DOMAIN\username formats and none work.
Help?
Cheers
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
