RADIUS authentication fails on Microsoft Network Policy Server (NPS)
22130
Created On 09/26/18 13:47 PM - Last Modified 06/09/23 09:14 AM
Symptom
Symptoms
RADIUS authentication fails when Microsoft Network Policy Server (NPS) passwords contain accented characters.
For example: ó, ò, ñ
Diagnosis
NPS does not encode RADIUS password in UTF-8 as expected by RFC286.
NPS is encoding password in EASCII.
As we comply with RFC, passwords will mismatch when received and checked by Palo Alto Networks firewall authentication daemon (authd).
Resolution
Avoid using any accented characters in the NPS password.