RADIUS to MS NPS/AD - CHAP/PAP failures

bascom_joshg · Feb 4, 2022, 4:53 PM

Hello all,

I am attempting to use our NPS server to authenticate RADIUS requests for user auth for OpenVPN. I have NPS configured on our internal AD DS server, with the pfSense box setup as a client. I have allowed PAP, MS-CHAP, and MS-CHAPv2. All of my NPS settings should be correct.

When I attempt to connect via OVPN, or when I run an authentication test in Diagnostics, I am getting the following error: "No User or Chap Password attributes given"

I have attempted the tests with both PAP and CHAPv2 methods in the Authentication Servers settings in pfSense, and neither seems to make a difference. Am I missing something simple here? This is my first pfSense spin-up, so I'm still trying to learn it.

stephenw10 · Feb 4, 2022, 9:28 PM

Can we assume you have followed this doc?
https://docs.netgate.com/pfsense/en/latest/recipes/radius-windows.html

Is there anything logged in pfSense or on the server when you try to authenticate?

That error sounds like there is simply some config missing, is that returned on the Diag > Auth page?

Steve