Win 7 IKEv2+PEAP = "no NPS server"?

Alan DeKok aland at
Thu Apr 8 15:58:02 CEST 2010

Stefan Winter wrote:
> We're setting up a VPN Server (strongswan) with Windows 7 in IKEv2 mode.
> The client side is supposed to authenticate with PEAP(*) to FreeRADIUS.
> That works pretty well, but on the first PEAP connection to the server,
> there's a big fat warning on the Win 7 UI: "You're connecting to a
> server which is not a valid NPS Server for this domain. You are strongly
> discouraged from continuing... bla..."

  Go through the Windows GUI, and look for "health checks", or something
like that... turn those off.

> (*) If you just select EAP-MSCHAPv2 (no inner tunnel), the end result at
> the FR side is a crippled User-Name (which makes it impossible to auth
> users).

  Hmm... what does that mean?

  Alan DeKok.

More information about the Freeradius-Users mailing list