802.1x in EAP-TLS mode on 40x8 with microsoft NPS

Rens


Post by Rens »

Hello,

Has anyone been successful in using Microsoft NPS on Windows 2008 R2 as a RADIUS server to authenticate IPTouch 40x8 sets?

I've set up a Microsoft 2008 R2 NPS server in my lab environment but can't get it to work. I've imported the default certificates from Alcatel-Lucent and created a setup like the one in the Alcatel-Lucent knowledge base, which is available for Windows 2003 with IAS. On the IPTouch I've enabled EAP-TLS and changed the login.

Unfortunately I always get the same error message:

"Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect."

The same setup works for me on Windows 2003 with IAS.

Does anyone know if NPS needs a different configuration than IAS?

With kind regards,

Rens
max0664

Re: 802.1x in EAP-TLS mode on 40x8 with microsoft NPS

Post by max0664 »

So I have the same problem on 2012 NPS. Does someone have a solution?
Split
Member
Posts: 101
Joined: 26 Jun 2009 04:45
Location: Germany

Re: 802.1x in EAP-TLS mode on 40x8 with microsoft NPS

Post by Split »

Hi max0664

No idea if it's the same in 2012, but for 2008 there is a TC 1847.

From TC 1847:

Certificate requirements for EAP clients authenticating on Microsoft Win2008 server have evolved since Win2003.
In particular, it is now mandatory for the client certificate to have a SubjectAltName (SAN) set to the User Principal Name (UPN) from Active Directory.
This requirement is not fulfilled by certificates flashed on ALU phones, as they do not contain any SAN field.

For more information, Microsoft has published the list of requirements here:
http://technet.microsoft.com/en-us/libr ... 31363.aspx


Maybe it helps ...
ACSE OmniPCX Enterprise Business R9/10/11
ACSE ICS 8400 R6
ACSE OpenTouch R1/R2
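
The SAN/UPN requirement quoted from TC 1847 above can be checked on an exported client certificate before it is presented to NPS. The following is an added example, not part of the original posts or of the Alcatel-Lucent or Microsoft material: a dependency-free Python check that lists the UPN otherName entries in a DER-encoded certificate. The function names and the sample UPN `phone01@lab.example` are constructed for illustration.

```python
# Added example: list the UPNs carried in a DER certificate's SubjectAltName.
OID_SAN = bytes.fromhex("551d11")                # 2.5.29.17 subjectAltName
OID_UPN = bytes.fromhex("2b060104018237140203")  # 1.3.6.1.4.1.311.20.2.3 UPN otherName

def read_tlv(buf, pos):  # -> (tag, value, next_pos); single-byte tags only
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:    # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # -> list of (tag, value) pairs packed inside an element
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def find_san(value):
    """Depth-first search for the subjectAltName extension; return its extnValue or None."""
    kids = children(value)
    if kids and kids[0] == (0x06, OID_SAN) and kids[-1][0] == 0x04:
        return kids[-1][1]
    for tag, val in kids:
        found = find_san(val) if tag & 0x20 else None  # recurse into constructed types only
        if found is not None:
            return found
    return None

def client_cert_upns(cert_der):
    """UPNs in the SAN; an empty list means the SAN/UPN requirement quoted above is not met."""
    san, upns = find_san(cert_der), []
    for tag, val in (children(children(san)[0][1]) if san else []):
        kids = children(val) if tag == 0xA0 else []    # [0] otherName
        if len(kids) == 2 and kids[0] == (0x06, OID_UPN) and kids[1][0] == 0xA0:
            upns.append(children(kids[1][1])[0][1].decode("utf-8"))  # UTF8String under [0] EXPLICIT
    return upns

def tlv(tag, *parts):  # tiny encoder for the constructed samples, short-form lengths only
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(with_upn):
    """Constructed, unsigned certificate-shaped DER skeleton, not a real phone certificate."""
    other = tlv(0xA0, tlv(0x06, OID_UPN), tlv(0xA0, tlv(0x0C, b"phone01@lab.example")))
    san = tlv(0x30, tlv(0x06, OID_SAN), tlv(0x04, tlv(0x30, other)))
    subject = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, b"phone01"))))
    return tlv(0x30, tlv(0x30, subject, tlv(0xA3, tlv(0x30, san)) if with_upn else b""))
```

For a real certificate, pass the raw bytes of its DER export to `client_cert_upns`; a PEM file has to be converted to DER first.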