MS-RAS Vendor identifier attribute

    Question

  • Hi,
    Which value do we enter in "MS-RAS Vendor identifier attribute" for unknown vendors, or how can I put blank spaces in "MS-RAS Vendor identifier attribute"?

    Faraz Hussain

    Monday, January 28, 2013 5:58 AM

Answers

  • Hi,

    Thanks for your post.

    If you do not need to specify the vendor ID of the Network Access Server (VPN server or other device), remove it from the Network Policy conditions.


    Best Regards,
    Aiden


    Aiden Cao
    TechNet Community Support

    Tuesday, January 29, 2013 5:47 AM
    Moderator

All replies

  • Hi,

    Is there any way to restrict non-Windows devices on NPS 2008 R2?

    Faraz.

    Tuesday, January 29, 2013 7:44 AM
  • Hi,

    Thanks for your post.

    In order to authenticate based on the computer object, you need to change the method to Computer authentication. We cannot implement the NPS server to use user-based authentication but also restrict non-domain-joined devices. According to your description, I assume that you are setting a user group and a machine group in the conditions to give access when a specific user logs on with a specific computer. Please note that even if we set 802.1X to use “user or computer authentication”, NPS cannot judge both conditions in an access request. When authenticating, you are providing a single set of credentials. It’s either a user’s credentials or a machine’s credentials. RADIUS is not validating anything else at a time. So before the user logs on, NPS verifies the computer credential for access. If a user logs in, NPS only verifies the user credential and has no method to also check that the machine meets the condition.

    However, if you deploy the EAP-TLS or PEAP authentication method and use an internal CA for NPS, then we must get the client joined to the domain to get the internal root CA certificate trusted. Otherwise, the authentication fails.

    Best Regards,

    Aiden


    Aiden Cao
    TechNet Community Support

    Tuesday, February 05, 2013 2:21 AM
    Moderator
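
Added example, not part of the thread and not Microsoft's code: a small RADIUS Access-Request parser showing that a request carries one identity (computer or user) and that MS-RAS-Vendor (RFC 2548, vendor-type 9 under Microsoft's vendor ID 311) is an optional vendor-specific attribute that may simply be absent. The function names, sample identities and vendor value are constructed, and treating a `host/` prefix as a computer identity is an assumption about Windows supplicants.

```python
import struct

MS_VENDOR_ID = 311   # Microsoft's SMI enterprise number (RFC 2548)
MS_RAS_VENDOR = 9    # MS-RAS-Vendor vendor-type (RFC 2548)

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value (RFC 2865)."""
    return bytes([atype, len(value) + 2]) + value

def build_access_request(user_name, nas_vendor_id=None):
    """Constructed sample Access-Request; the authenticator is all zeros."""
    body = attr(1, user_name.encode())                    # User-Name
    if nas_vendor_id is not None:                         # optional MS-RAS-Vendor
        sub = bytes([MS_RAS_VENDOR, 6]) + struct.pack("!I", nas_vendor_id)
        body += attr(26, struct.pack("!I", MS_VENDOR_ID) + sub)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Yield (type, value) pairs, rejecting truncated or malformed input."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def summarize(packet):
    """Return the single identity in the request and the NAS vendor ID, if sent."""
    names, ras_vendor = [], None
    for atype, value in parse_attributes(packet):
        if atype == 1:
            names.append(value.decode())
        elif atype == 26 and len(value) >= 10:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == MS_VENDOR_ID and vtype == MS_RAS_VENDOR and vlen == 6:
                ras_vendor = struct.unpack("!I", value[6:10])[0]
    if len(names) != 1:
        raise ValueError("expected exactly one User-Name")
    # Assumption: computer identities are sent as host/<name>.
    kind = "computer" if names[0].lower().startswith("host/") else "user"
    return {"identity": names[0], "kind": kind, "ms_ras_vendor": ras_vendor}
```
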