Does anyone have experience in setting up IAS for 802.1X on WiNG 5.x?

A Antony Lee 3 years ago

Does anyone have experience in setting up IAS for 802.1X on WiNG 5.x? I set up the IAS; however, the RADIUS request was rejected. The message in the Windows 2003 Server's Event log is "An Access-Request message was received from RADIUS client RADIUS_IAS with as message authenticator attribute that is not valid". Can anyone help or share the IAS configuration? Many thanks.


5 Replies

G Gerald Fehringer

Hi Antony,

EAP-PEAP is always EAP-TLS+MS-CHAPv2 (outer tunnel based on SSL and inner tunnel authenticated through MS-CHAPv2). For MS Server 2008 NAP or Windows Server 2003 IAS, things you should pay attention to:

- I assume you have installed Windows Certificate Services to generate the RADIUS/IAS cert? This is mandatory, because once you set up the WLAN IAS Profile and you choose PEAP, IAS needs a server certificate (use the usual RAS/VPN Certificate Templates; all you need is the server OID in advanced key usage). If not, you don't get any error, but of course the outer-tunnel authentication will not work and PEAP authentication will fail!
- Check the IAS WLAN Profile properties and, in the authentication tab, ensure you have not used Smartcard/Certificate as the main method. If so, your authentication would also fail, because IAS is expecting client-cert authentication from your WLAN client and not the Active Directory user/pwd.
- Ensure you have assigned the right AD group to the IAS WLAN profile, or no group. Of course any AD user you are using in this scenario must have the Remote Dial-in attribute enabled!

I'm a big fan of Windows Certificate Services and RADIUS, let me know if you need anything else ;-)

Rgds, Gerald

A Antony Lee

Hi Gerald, David, Robert,

Thanks for your support and information. I have resolved my problem just by reinstalling and configuring the Windows 2003 Server again. I don't know what happened in the previous installation. It couldn't work even though I completely followed the guidelines advised by you and MS. But now, I can perform the 802.1X. Many thanks. Your information is very helpful.

Regards, Antony

D David Taylor

What authentication method are you trying to use? If EAP-TLS, there are some specific attributes that have to be set in the certificate that you spin up from the MS CA in order for it to work. I have working IAS and NPS configurations at home on VM images. I just used NPS this week; I would have to unarchive the IAS image, but I know it was working as well. Please provide more details and I can check my config when I get home tomorrow.

David

A Antony Lee

Hi David,

Thanks for your response. It should be EAP-MSCHAP-V2 which, I think, also uses TLS. The following is the WLAN profile I set up in Windows XP SP3. Please check the attached screenshot for details.

EAP Type: PEAP
Valid server certificate: disable (that is, no validation on the server cert)
Authentication Method: EAP-MSCHAP-V2

I can get authenticated with FreeRadius with the same WinXP WLAN profile and RFS WLAN conf. But it still failed with IAS. I would appreciate it if you could send me some instructions on setting up the IAS.

R Robert Caporino

Check out this doc from Microsoft, "Securing Wireless LANs with PEAP and Passwords": http://www.microsoft.com/download/en/details.aspx?id=9904 This should help you. Also attached is a guide for basic IAS configuration.
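
The event-log message quoted in the original question refers to the RADIUS Message-Authenticator attribute (type 80, RFC 3579): an HMAC-MD5 over the whole Access-Request, keyed with the shared secret. The following is an added example, not part of the thread or of any poster's configuration, showing the check a server performs and how a secret that differs by even one character makes the attribute "not valid". The packet, user name, NAS identifier and secrets are constructed sample values.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 3579)


def check_message_authenticator(packet, secret):
    """Return True if the packet's Message-Authenticator verifies under `secret`."""
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    packet = packet[:length]  # ignore any trailing padding
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        if a_type == MSG_AUTH and a_len == 18:
            received = packet[pos + 2:pos + 18]
            # HMAC-MD5 over the whole packet with the attribute value zeroed
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += a_len
    raise ValueError("no Message-Authenticator attribute")


def build_access_request(secret, ident, req_auth, attrs):
    """Build a signed Access-Request from (type, value) pairs (sample input)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MSG_AUTH, 18]) + bytes(16)  # placeholder, filled in below
    packet = struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth + body
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


# Constructed sample: User-Name, NAS-Identifier, EAP-Response/Identity
SAMPLE_ATTRS = [
    (1, b"antony"),
    (32, b"example-nas"),
    (79, b"\x02\x01\x00\x0b\x01antony"),
]
SAMPLE = build_access_request(b"nas-secret", 7, bytes(range(16)), SAMPLE_ATTRS)

if __name__ == "__main__":
    for candidate in (b"nas-secret", b"nas-secret ", b"server-secret"):
        ok = check_message_authenticator(SAMPLE, candidate)
        print(repr(candidate), "valid" if ok else "not valid")
```

Running the same check against a captured Access-Request with the secret configured for the RADIUS client on the server shows whether the two sides agree on the secret before any EAP or certificate settings come into play.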
