Does Microsoft NPS support EAP chaining (EAP-FAST V2)


  • I have a Cisco Wireless LAN controller with a number of lightweight Access Points. I utilize Microsoft NPS (2008) as my RADIUS server. I need to make sure that only certain computers are allowed to connect. I am trying to authenticate wireless clients by username/password and computer name (group membership). Is Microsoft NPS capable to do that? I heard that it requires EAP chaining or EAP-FAST v2. Looks like that only third-party supplicants are capable to supply user credentials and computer name at the same time, like Cisco AnyConnect Network Access Manager.
    martes, 14 de mayo de 2013 14:12


Todas las respuestas

  • Hi,

    Thanks for the post.

    However, NPS does not support EAP-FAST V2.

    More information:

    Extensible Authentication Protocol (EAP) Settings for Network Access

    Hope this helps.

    Jeremy Wu
    TechNet Community Support

    jueves, 16 de mayo de 2013 13:31
  • Hi,

    I would like to check if you need further assistance.


    Jeremy Wu
    TechNet Community Support

    domingo, 19 de mayo de 2013 9:00
  • I just ran into this recently so wanted to respond.

    As long as you have set up the client supplicant to use both the user and computer accounts, if they are logged into the client machine, the NPS server will authenticate against their user account.  But if they are not logged into the client machine, the NPS server will authenticate against their computer account.

    Also, the built in 802.1X supplicant in Windows (as far as I can tell) does not support EAP-FASTv2 (chaining), so only the user or computer can be used, not both simultaneously.

    I believe the only way to make this work is to use Cisco's NAM supplicant and ISE radius server.  Unfortunately, NAM is only supported on Windows.

    domingo, 22 de abril de 2018 18:18