I am trying to fathom NPS (RADIUS) in Windows Server 2016, but all efforts are failing. I have peeled back to just a basic client (Win10) to server connection on the same LAN and using NTRadPing to test an authentication request ... but all efforts fail.
The latest is "response: Access-Reject". There is nothing logged in the event viewer.
The intention is to use RADIUS authentication for some appliance VPN connections (not RRAS).
My test NPS configuration is as follows:
> NPS enabled and registered
> RADIUS client is created and defined as IP address of 'my_laptop'
> Shared Secret is same as defined on client and server side
> Vendor name is "RADIUS Standard"
> Connection Request Policy: Enabled; Type of network access server is Unspecified, Condition defined is Access Client IPv4 Address is 'my_laptop' IP, Settings is set to Authentication requests on this server
> Network Policy: Enabled; Grant access if connection request matches this policy; Ignore user accounts dial-in properties; Type of network access server is Unspecified; Windows Groups defined where user authenticating is a member of the security group; Machine Groups defined where client machine 'my_laptop' connecting is a member of the security group; Authentication Methods has all "less secure" methods selected, except the last one; RADIUS Attributes has Standard defines as Framed-Protocol as PPP and Service-Type as Framed
> everything else is default
If I change the NTRadPing request type to Status Server, then I get an event logged on the NPS server ... A RADIUS message with the Code field set to 12, which is not valid, was received on port 1812 from RADIUS client <my_laptop>. Valid values of the RADIUS Code field are documented in RFC 2865.
Is this because NTRadPing is old and no longer complies? If so, how else can I do basic RADIUS testing?
I have tried to find some very basic setup for RADIUS (NPS) in Windows but all attempts to get this working fail.
I have the necessary ports open on the firewall too ... 1812, 1813, 1645 & 1646.