Problem Authentication Radius

9 Access point model WAX610D was installed in an office.
We decided to run the Radius 802.1x method.
We use the WPA Enterprise option with MY RADIUS.
When connecting, the user enters the LDAP username and password and an error appears stating that he cannot connect.

I looked in the server logs and the following error appears:
Reason Code: 49
Reason: The RADIUS request did not match any configured connection request policy (CRP).


Is there any configuration to be done, so that we can solve the problem and use the Radius method ??

All Replies

  • Zyxel_Silvia
    Zyxel_Silvia Posts: 47  Zyxel Employee
    edited December 2021
    Dear @Dbarbosasx ,

    Thank you for raising questions.
    we have a post about how to set up radius server,
    please refer: 
    https://community.zyxel.com/en/discussion/10294/nebula-how-to-setup-sign-in-method-with-my-radius-server#latest

    If you have further questions, please feel free to contact us.
    Thank you.
     
    Silvia
  • Dear 

    Thanks for helping us!

    We performed the procedure you sent, but it didn't work.

    The message we get in the Server Windows 2016 event viewer is the same:

    Reason Code: 49
    Reason: The RADIUS request did not match any configured connection request policy (CRP).

    We followed other Zyxel Kbs for Radius configuration and it didn't work either.seu comentário
  • @Zyxel_Silvia

    Thanks for helping us!

    We performed the procedure you sent, but it didn't work.

    The message we get in the Server Windows 2016 event viewer is the same:

    Reason Code: 49
    Reason: The RADIUS request did not match any configured connection request policy (CRP).

    We followed other Zyxel Kbs for Radius configuration and it didn't work either.seu comentário
  • Zyxel_Silvia
    Zyxel_Silvia Posts: 47  Zyxel Employee
    edited December 2021

    Hi @Dbarbosasx ,

    In Windows Server, there are two policy folders under [NPS > Policy]. Based on the log you provided, the issue is relating to the first folder misconfiguration named “Connection Request Policy” (CRP).

    Policies in this folder are used to define if the server should user its own database, or proxy the request to the other authentication server. Where we can define the criteria and corresponding action. (Just like your case) If the incoming request doesn’t match any of the criteria, the error log will then occur.

    So, we recommend you to use the “NPS Wizard” to create all related rules for Wi-Fi authentication.

    First, please follow the directory as the screenshot below, and click “Configure 802.1X”

     


     

    Next, select “Secure Wireless Connection” in the initial page.



     

    Then, click “add” to put Zyxel AP in the trusted RADIUS Client


    Be sure you enter the correct IP address and the Secret (which should be the same as the value set on the Nebula>SSID Setting page)





    (make sure the Secret is the same between Nebula and RADIUS Server)


     

    In the next page, allow PEAP


    Click the “Configuration”, please make sure the selected certificate allows “server authentication



     

    In the User Group, specify the User scope you’d like to use for 802.1X


    After that, you’ve completed the entire setting. Simply click finish, restart your NPS Server to ensure the settings are applied, and then the server can be used for 802.1X authentication for wireless access!

     


    Thank you.


Nebula Tips & Tricks