ROS IPsec configures radius authentication, set it according to MikroTik 2019 MUM expert's tutorial, Radius Server I am using Windows Server 2016 NPS, during the authentication process, the certificate authentication is passed, the account authentication can not be passed, I do not know why, and then the Radius Server Change to TekRADIUS, still the same result.
I asked for technical support and got a reply :
Emīls Z.29/Apr/21 8:08 AM
Hello,
We suspect it is an issue with the RADIUS server that includes the EAP MSK message in Access-Accept message which should not be there.
Jan/24/2021 18:59:46 received Access-Accept with id 10 from 172.18.168.8:1812
Jan/24/2021 18:59:46 Signature = 0x09251f87403d76208c62a457ac3a9b2c
Jan/24/2021 18:59:46 User-Name = "itest1"
Jan/24/2021 18:59:46 EAP-Message = 0x03030004
Jan/24/2021 18:59:46 Message-Authenticator = 0x882193fa948795e83d227c95221fcbcd
Jan/24/2021 18:59:46 received reply for 55:0b
>>>>>>>>>>>> Jan/24/2021 18:59:46 => EAP MSK (size 0x0)"
For more screenshots of related questions, please search for the post with the same title in the Microsoft Q&A community.