Community discussions

MikroTik App
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

L2TP with Radius Authentication

Mon Feb 15, 2021 1:40 pm

Hi everybody,

I have one problem with VPN L2TP. I created local users on router and I can successfully to connect at VPN L2TP, but I tried to configure NPS from a lot of source and cant make authorization and is written Authentication Failed - Radius Timeout.

Could you please help me please with clear guide how to setup NPS for authentication of users who trying to connect at L2TP ?

Thanks in advance.
 
User avatar
karlisi
Member
Member
Posts: 369
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 3:18 pm

---
Karlis
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 3:25 pm

Hi,

I tried 100% exactly this step on Windows server 2019 and nothing working
 
User avatar
karlisi
Member
Member
Posts: 369
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 4:01 pm

Also this link from comments on original article
https://mivilisnet.wordpress.com/2019/0 ... s-working/
---
Karlis
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 4:10 pm

Also doesnt work
 
User avatar
karlisi
Member
Member
Posts: 369
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 4:16 pm

Without RADIUS works? Something in Windows Security Events?
---
Karlis
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 4:33 pm

Without Radius its work with local users on router

In Event is written : ID 49 The connection request did not match a configured connection request policy, so the connection request was denied by Network Policy Server.

On Mikrotik I have Request and Reject in RADIUS setting
 
User avatar
karlisi
Member
Member
Posts: 369
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:05 pm

So, Mikrotik is connecting to NPS, but policies not match. The only suggestion is, check all settings thoroughly step by step on both sides, especially on NPS. Or start from scratch.
---
Karlis
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:11 pm

I Tried to do 10 time from scratch and nothing done. On Radius Client Setting Address IP should be the router IP and not from AD correct ?
You do not have the required permissions to view the files attached to this post.
 
mjezierski
newbie
Posts: 26
Joined: Mon Jul 01, 2019 3:50 pm
Location: Racing Capital of the World
Contact:

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:34 pm

On the Conditions -> Authentication Methods select "Unencrypted Authentication (PAP/SPAP)" and "Encrypted Authentication (CHAP)" and retest. I have Windows Server 2016 working with Mikrotik Dot1X using RADIUS with PAP and it works well.

Yes I know it's unencrypted but I'm doing MAC Address authentication on an internal network.
--
Michael Jezierski
Technology Manager - NTT INDYCAR Series
From the Racing Capital of the World

"Any Opinions Expressed Here are strictly mine, and not those of INDYCAR"
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:41 pm

Not helped
 
tdw
Forum Veteran
Forum Veteran
Posts: 892
Joined: Sat May 05, 2018 11:55 am

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:47 pm

You can only do PAP or MSCHAPv2 against AD, there is no way CHAP can work.

The 'Ignore user dial-in account properties' box is not ticked in your screenshots. I'm not a Windows expert, but without this I expect you have to apply a policy to the user accounts as the default is not to permit dial-in.
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:53 pm

I tried with and without this box and nothing helped
 
User avatar
karlisi
Member
Member
Posts: 369
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 5:59 pm

What is on Mikrotik?
---
Karlis
 
abulat
just joined
Topic Author
Posts: 18
Joined: Mon Nov 16, 2020 4:14 pm

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 6:01 pm

all is configured correctly on mikrotik (Radius, ACL) but still receive this log user authentication failed
 
User avatar
karlisi
Member
Member
Posts: 369
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP with Radius Authentication

Mon Feb 15, 2021 6:05 pm

Sorry, no idea. On Mikrotik my only error was incorrect src-address in radius settings, there should be router's IP address.
---
Karlis

Who is online

Users browsing this forum: No registered users and 34 guests