EAP-PEAP-MSCHAPv2 Realm Stripping in Windows 2012

All replies

• 

  

  0

  Sign in to vote

  Hi,

  Firstly, would you please tell us the role you set the NPS server as, a RADIUS server or a RADIUS proxy?

  Besides, I recommend you to check any related information in event log to see if the issue was really due to the change of user-name attribute.

  In addition, IAS works on windows sever 2003 based operate system, but you said the issue was occurred on Windows server 2012. If in these scenario, why IAS authentication failed? Maybe I misunderstood something, I would appreciate it if you can tell us more detailed information about your deployment.

  The link below may be helpful to you:

  IAS Troubleshooting

  http://technet.microsoft.com/en-us/library/cc775934(v=ws.10).aspx

  EAP-PEAP-MSCHAPv2 Realm Stripping

  http://social.technet.microsoft.com/Forums/windowsserver/en-US/e73183d4-7b2f-48a7-9246-97ed711e8e8d/eappeapmschapv2-realm-stripping?forum=winserverNAP

  Best regards,

  Susie

  Thursday, November 28, 2013 3:29 AM
• 

  

  0

  Sign in to vote

  Hi Susie

  The role is a RADIUS server, I know the realm striping works with Radius proxy role

  I have read the link EAP-PEAP-MSCHAPv2 Realm Stripping 

  and confirm that "The official line from Microsoft is below and confirms that in NPS the realm stripping is only designed to be used when proxying requests from front to back. So this is by design and not classed as a bug. " (alphasnooper response)

  I want to know is this line continues in windows 2012, or is possible use realm stripping with the role of Radius server

  IAS authentication failed because it uses the original user-name, not the user-name obtained with realm stripping
  

  Thanks a lot

  Thursday, November 28, 2013 9:52 AM