NPS WiFI Logon error 'use an authentication method that is not enabled'

Question

Hi,

I'm using NPS (RADIUS) to logon an user from a PC that is attempting to connect using it's WiFi connector to a corporate network.

I'm getting the error:
'The user attempted to use an authentication method that is not enabled on the matching network policy'

What does this error mean?

Does NPS server usually allocate the PC's IP address? How can I tell how this is done?

I found the error in the Windows Event Logs.

The Event Log entry seems to be able to match[from Event Log details]:
Connection Request Policy <- this is in the event log entry
Network Policy <- this is in the event log entry

These are the details:
WiFi Radius User login CRP <- Connection Request Policy
WiFi Radius User login NP <- Network Policy

WiFi Radius User login CRP:
NAS Port Type Wireless - IEEE 802.11
Authentication Methods <- all not ticked
Authentication - Authenticate all requests on this server

WiFi Radius User login NP
Must be Domain User
Must match regex IP address
Authentication Methods <- ms-chap-v2

I'm on Windows 2016 and using back end Active Directory.

Thanks

Answer 1

Hello there,

This error usually occurs when authentication settings are either incorrectly configured in the Network Policy on your NPS server or on the wireless controller.

Be sure that the wifi client have a copy of the root CA certificate installed.

Check to make sure that the authentication type matches on both the wireless controller and the NPS policy.
This may be an indication that the EAP / PEAP certificate is not added under the NPS rule
Verify there is not a rule listed above the one you're trying to match that is rejecting the client in NPS rule list (works like ACL from top to bottom)

Some useful information https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-verify

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--