802.1x on Active Directory: no errors in debug but auth fails

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Feb 7 16:03:23 CET 2011


Hi,

> I'm forced to abandon this project and resort to M$'NAP server :(

if you do, then it's your loss and you'll be limited for the future of your infrastructure.

use FreeRADIUS - after all, at least it will give you information and debug
detailed information....when NPS goes wrong...well, good luck.

this is probably a trivial issue - how did you create your CA? how did you sign
the radius CRT/PKCS12 file? if you use the out of the box basic cert creation
script (as pre-generated the first time you run FR straight from compiled from source)
then it works. I can guarantee that after running such installs many times myself
(and then going ahead to use own CA and signed server cert). I deal with 4 of the major
RADIUS server platforms...and FR is the only one that can deal with every issue and
corner case that comes along, the rest are very limited...and you don't want a limiting
server as it then places limits on what you can do with it and what clients you can support.

alan


