Hello Michael,
The error log mentions "Authentication Type: PAP", but PAP does not seem to be one of the enabled (EAP-MSCHAP-v2, MS-CHAP, MS-CHAP v2) authentication types.
Gary
NPS Error: Authentication failed due to a user credentials mismatch
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 51%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Michael Glosker
5
Reputation points
Hi all,
I'm currently in the process of setting up an NPS server and a RADIUS client, which will be my Cisco switch. Once I had configured both the switch and the NPS server, I proceeded to test AAA from the Cisco switch. However, I encountered an NPS error stating, "Authentication failed due to a user credentials mismatch," despite having entered the correct credentials.
This are my NPS Policy & Client configuration:
And this is the NPS error log:
Windows for business | Windows Server | User experience | Other
2 answers
Sort by: Most helpful
-
Gary Nebbett 6,436 Reputation points2023-06-12T12:00:58.7433333+00:00 -
Michael Glosker 5 Reputation points
2023-06-13T06:55:33.55+00:00 What is the reason that it use PAP as the authentication type? and how it can be changed?
-
Gary Nebbett 6,436 Reputation points
2023-06-13T07:13:12.75+00:00 Hello Michael,
It almost certainly uses PAP because the Cisco switch has been configured to send that type of authentication information. Read the manual for the Cisco switch and then configure it to use one of the authentication mechanisms that you have included in the Windows NPS Network Policy.
Gary
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 45,126 Reputation points2023-06-12T12:42:15.7066667+00:00 Hello Michael,
Thank you for your question and for reaching out with your question today.
When encountering an NPS error stating "Authentication failed due to a user credentials mismatch" and seeing corresponding Audit Failure entries in the NPS server logs, there are several troubleshooting steps you can take to resolve the issue:
- Verify User Credentials: Ensure that the username and password you are using for authentication on the Cisco switch are correct. Double-check that the credentials match what is configured in the NPS server.
- Check Network Connectivity: Confirm that there is proper network connectivity between the Cisco switch and the NPS server. Ensure that the switch can reach the NPS server over the network and that there are no network-related issues, such as firewall rules blocking the traffic.
- Review NPS Policies: Examine the network policies configured on the NPS server. Pay attention to the conditions, constraints, and settings specified in the policies. Make sure that the user credentials you are using meet the requirements specified in the policies. Check if there are any policy-specific restrictions or settings that could cause the mismatch error.
- Validate Shared Secrets: Verify that the shared secret configured on both the Cisco switch and the NPS server match. The shared secret is used for secure communication between the RADIUS client (switch) and the RADIUS server (NPS). If they don't match, authentication will fail. Ensure that the shared secret is correctly entered on both devices.
- Check Event Logs: Inspect the event logs on the NPS server for more detailed information about the authentication failure. Look for the specific Audit Failure entries related to the authentication attempt. Note any error codes or messages provided in the logs, as they can give you insights into the cause of the mismatch error.
- Enable NPS Debug Logging: Enable debug logging on the NPS server to capture more detailed information about the authentication process. This can provide additional insights into the reason for the user credentials mismatch. Adjust the logging level and examine the debug logs for any specific error messages or clues.
- Verify NPS Server Configuration: Double-check the NPS server configuration, including the authentication methods, policies, and network access settings. Ensure that the NPS server is correctly configured to handle the authentication requests from the Cisco switch.
- Test with Different User: Attempt authentication using a different user account on the Cisco switch to see if the issue persists. This will help determine if the problem is specific to the user account or a more general configuration issue.
- Consult Cisco Documentation: Check the Cisco documentation and support resources for any specific guidelines or troubleshooting steps related to configuring NPS authentication on Cisco switches. There may be device-specific considerations or compatibility issues that need to be addressed.
By following these steps, you should be able to identify the cause of the user credentials mismatch error and take appropriate actions to resolve it.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
If the reply was helpful, please don’t forget to upvote or accept as answer.
Best regards.