Does Microsoft NPS support EAP chaining (EAP-FAST V2) RRS feed

  • Question

  • I have a Cisco Wireless LAN controller with a number of lightweight Access Points. I utilize Microsoft NPS (2008) as my RADIUS server. I need to make sure that only certain computers are allowed to connect. I am trying to authenticate wireless clients by username/password and computer name (group membership). Is Microsoft NPS capable to do that? I heard that it requires EAP chaining or EAP-FAST v2. Looks like that only third-party supplicants are capable to supply user credentials and computer name at the same time, like Cisco AnyConnect Network Access Manager.
    Tuesday, May 14, 2013 2:12 PM


All replies

  • Hi,

    Thanks for the post.

    However, NPS does not support EAP-FAST V2.

    More information:

    Extensible Authentication Protocol (EAP) Settings for Network Access


    Hope this helps.

    Jeremy Wu
    TechNet Community Support

    • Proposed as answer by arnavsharma Sunday, May 19, 2013 1:47 PM
    • Marked as answer by Jeremy_Wu Monday, May 20, 2013 5:06 AM
    Thursday, May 16, 2013 1:31 PM
  • Hi,

    I would like to check if you need further assistance.


    Jeremy Wu
    TechNet Community Support

    Sunday, May 19, 2013 9:00 AM
  • I just ran into this recently so wanted to respond.

    As long as you have set up the client supplicant to use both the user and computer accounts, if they are logged into the client machine, the NPS server will authenticate against their user account.  But if they are not logged into the client machine, the NPS server will authenticate against their computer account.

    Also, the built in 802.1X supplicant in Windows (as far as I can tell) does not support EAP-FASTv2 (chaining), so only the user or computer can be used, not both simultaneously.

    I believe the only way to make this work is to use Cisco's NAM supplicant and ISE radius server.  Unfortunately, NAM is only supported on Windows.

    Sunday, April 22, 2018 6:18 PM