Forum Discussion

JJeffery's avatar
JJeffery
Brass Contributor
Jul 31, 2024

(Another) Issue with RADIUS authentication for some users

Hi

 

I thought I'd found the solution to our problem in this Tech Community thread from 2021, only to find that there was only one reply.

 

Our NPS logs looks very very similar to those described in that 'DenverCoder' post, here's a screenshot to illustrate (the working one is in green, and shows the full AD path to the user account in AD, and the Network Policy name):

 

We use NPS servers as part of the solution to provide MFA for our staff VPN. It works perfectly for about 127 out of 130 staff. but three of them don't even get an MFA prompt.

 

Just now I thought I'd found a 4th victim, as she'd tried about 20 times today, only to succeed about an hour ago (not sure what inspired her to try again)

 

Looking at the Event View on the NPS shows events 6273 (“Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.”) and 4625 (“Failure Reason: Unknown user name or bad password.”)

 

To me it looks like it's failing to recognise the user's group membership (you have to be in the AD group for the MFA to work, otherwise you ain't coming in bruv!)

 

All suggestions gratefully received.

  • Yes, for my few users the solution was to not use for example an "ä" in their password.

Resources