How To Troubleshoot Cloud RADIUS Entra ID Authentication

How To Troubleshoot Entra ID Wifi Authentication in EZRADIUS

If you have setup your Cloud RADIUS instance and are having trouble authenticating users with Entra ID, this guide will help you troubleshoot your Cloud RADIUS configuration for Entra ID Wifi Authentication in EZRADIUS.

How to Troubleshoot Entra ID RADIUS Username not found

The most common issue with Entra ID authentication is that the username is not found. This is usually caused due to your device defaulting to MSChapV2 authentication which is not supported by Entra ID, therefore EZRADIUS assumes that the username is for a local user. To solve this issue, you need to configure your client device to use EAP-TTLS PAP authentication. For testing, you can do it manually in the device, however this does not scale well. To solve this issue at scale, you can use your MDM to push the wifi profile (once the profile is installed then the user will login as usual with username and password) or the EZRADIUS Profile creator that allows you to create wifi profiles and send them to your users.

How to Troubleshoot Entra ID RADIUS Authentication Is Successful but Conditional Access shows as Failed

If you see that the RADIUS authentication is successful but the Conditional Access shows as failed, this is because since RADIUS authentication does not support MFA authentication (If you are looking for a more secure way to authenticate look at EAP-TLS), the Conditional Access will fail but EZRADIUS will still allow the user to connect to the network. To solve this issue, you will have to whitelist EZRADIUS IP addresses in your Conditional Access policy.