Hi everybody,
I have one problem with VPN L2TP. I created local users on router and I can successfully to connect at VPN L2TP, but I tried to configure NPS from a lot of source and cant make authorization and is written Authentication Failed - Radius Timeout.
Could you please help me please with clear guide how to setup NPS for authentication of users who trying to connect at L2TP ?
Thanks in advance.
Re: L2TP with Radius Authentication
I used this one, all is working
https://mivilisnet.wordpress.com/2018/1 ... indows-ad/
https://mivilisnet.wordpress.com/2018/1 ... indows-ad/
Re: L2TP with Radius Authentication
Hi,
I tried 100% exactly this step on Windows server 2019 and nothing working
I tried 100% exactly this step on Windows server 2019 and nothing working
Re: L2TP with Radius Authentication
Also this link from comments on original article
https://mivilisnet.wordpress.com/2019/0 ... s-working/
https://mivilisnet.wordpress.com/2019/0 ... s-working/
Re: L2TP with Radius Authentication
Without RADIUS works? Something in Windows Security Events?
Re: L2TP with Radius Authentication
Without Radius its work with local users on router
In Event is written : ID 49 The connection request did not match a configured connection request policy, so the connection request was denied by Network Policy Server.
On Mikrotik I have Request and Reject in RADIUS setting
In Event is written : ID 49 The connection request did not match a configured connection request policy, so the connection request was denied by Network Policy Server.
On Mikrotik I have Request and Reject in RADIUS setting
Re: L2TP with Radius Authentication
So, Mikrotik is connecting to NPS, but policies not match. The only suggestion is, check all settings thoroughly step by step on both sides, especially on NPS. Or start from scratch.
Re: L2TP with Radius Authentication
I Tried to do 10 time from scratch and nothing done. On Radius Client Setting Address IP should be the router IP and not from AD correct ?
You do not have the required permissions to view the files attached to this post.
-
-
mjezierski
newbie
- Posts: 36
- Joined:
- Location: Racing Capital of the World
- Contact:
Re: L2TP with Radius Authentication
On the Conditions -> Authentication Methods select "Unencrypted Authentication (PAP/SPAP)" and "Encrypted Authentication (CHAP)" and retest. I have Windows Server 2016 working with Mikrotik Dot1X using RADIUS with PAP and it works well.
Yes I know it's unencrypted but I'm doing MAC Address authentication on an internal network.
Yes I know it's unencrypted but I'm doing MAC Address authentication on an internal network.
Re: L2TP with Radius Authentication
You can only do PAP or MSCHAPv2 against AD, there is no way CHAP can work.
The 'Ignore user dial-in account properties' box is not ticked in your screenshots. I'm not a Windows expert, but without this I expect you have to apply a policy to the user accounts as the default is not to permit dial-in.
The 'Ignore user dial-in account properties' box is not ticked in your screenshots. I'm not a Windows expert, but without this I expect you have to apply a policy to the user accounts as the default is not to permit dial-in.
Re: L2TP with Radius Authentication
I tried with and without this box and nothing helped
Re: L2TP with Radius Authentication
What is on Mikrotik?
Re: L2TP with Radius Authentication
all is configured correctly on mikrotik (Radius, ACL) but still receive this log user authentication failed
Re: L2TP with Radius Authentication
Sorry, no idea. On Mikrotik my only error was incorrect src-address in radius settings, there should be router's IP address.