Windows 2012 NPS-Radius Client connectivity issue

  • Question

  • Hi,
    I am naive to the Windows NPS-Radius concept. I have a working Active Directory Domain Controller with integrated DNS installed on one server, and I installed and configured the AD Certificate Service, DHCP and NPS roles on another server.
    I configured DHCP with a proper scope; my Apple Wifi even got its IP from my DHCP Server and the same is reserved too. I created a Self-Signed Certificate for NPS and configured the NPS-Radius options below.

    1. Under NPS (Local) Radius Client --> included Radius Clients and assigned the Friendly Name as Radius-Test
        i) Address (IP or DNS): entered my Apple Wifi IP, which is assigned through my DHCP Server, and manually entered the Shared Secret, which is entered in the Apple Wifi too.
    2. Configured Radius server for 802.1X Wireless or Wired connections --> Secure Wireless Connections; Radius Client showed the above 1st configuration
        i) At Configure Authentication Method, selected Microsoft Protected EAP (PEAP) --> found my Self-Signed Certificate
        ii) At Specify User Groups --> selected my wifi-authenticated user groups and then Next, Next, Finish
    3. Connection Request Policies --> left the default Radius-Test & Use Windows authentication for all users without any changes
    4. Network Policies --> Radius-Test --> Grant Access is selected and Ignore user account dial-in properties is checked
        i) Under Conditions selected --> NAS Port Type --> Wireless - Other or Wireless - IEEE 802.11
        ii) Included Windows Groups --> wifi-authenticated
        iii) Constraints --> added Microsoft Protected EAP (PEAP)
    5. AD Users & Computers --> User Name: John --> Properties --> Dial-in --> Control access through NPS Network Policy
    6. Apple Wifi configuration --> selected EAP Enterprise --> for Radius Server, entered my Radius Server IP and the same shared password used in the NPS configuration.
    But when the user tries to connect to the wifi (Radius-Test), it prompts for a user name and password; when ad\john and the password are entered, it does not get connected, and the attached error is found under Event Viewer.

    Any help please!!


    Mohammed...

    Thursday, November 22, 2018 5:27 AM
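
A way to verify the RADIUS client entry from step 1 and read the rejection reason that NPS records, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the NPS server, the NPS module (Windows Server 2012 or later), and that NPS auditing is enabled so events 6272/6273 reach the Security log; `Radius-Test` is the client name from the post, and the EventData field names are the ones these events normally carry.

```powershell
# Added example: run elevated on the NPS server.
Import-Module NPS

# 1. Confirm the RADIUS client from step 1 exists, is enabled, and shows the
#    address the access point really sends from. SharedSecret is deliberately
#    not selected so it never lands in console output or transcripts.
Get-NpsRadiusClient |
    Where-Object Name -eq 'Radius-Test' |
    Select-Object Name, Address, Enabled

# 2. Requests NPS discarded before policy evaluation (System log, source NPS):
#    13 = message from an IP that is not a configured RADIUS client
#    18 = Message-Authenticator not valid (typically a shared secret mismatch)
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NPS'; Id = 13, 18
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 3. Requests NPS evaluated: 6272 = access granted, 6273 = access denied.
$decisions = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 6272, 6273
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue

# Flatten each event's EventData into one row; ReasonCode and Reason say
# why a request was denied (no matching policy, EAP failure, bad credentials).
$decisions | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time          = $_.TimeCreated
        EventId       = $_.Id
        User          = $data['SubjectUserName']
        RadiusClient  = $data['ClientName']
        ClientIP      = $data['ClientIPAddress']
        NASPortType   = $data['NASPortType']
        NetworkPolicy = $data['NetworkPolicyName']
        EAPType       = $data['EAPType']
        ReasonCode    = $data['ReasonCode']
        Reason        = $data['Reason']
    }
} | Sort-Object Time | Format-List
```

If step 3 returns nothing while the user is being prompted, the request never reached policy evaluation, and the step 2 output or the access point's RADIUS server setting is the place to look.
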

All replies

  • Hi,

    • Change the Dial-in property to Allow access, then check the result.
    • Or add User Groups into the NPS policy conditions.

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, November 22, 2018 9:18 AM
  • Hi Travis,

    Thanks for your reply. I tried both options; nothing worked.

    Is it so that NPS can only be used with an Access Point, not with a Wifi\Modem?

    I am trying with my Apple Modem and configured everything properly, but it ends up with the connection error attached above.

    Any help please!!


    Mohammed...

    Thursday, November 22, 2018 10:19 AM
  • Hi,

    RADIUS clients are network access servers, such as wireless access points, virtual private network (VPN) servers, 802.1X-capable switches, and dial-up servers. 

    I am not sure if NPS supports Apple Modem.

    I would suggest you contact Apple Customer Services to confirm it.

    https://support.apple.com/

    Best regards,

    Travis




    Friday, November 23, 2018 2:50 AM
  • Hi Travis,

    Thanks for your reply. Your statement above suggests that an Access Point alone can be adopted for Radius authentication, not modems!

    I will contact Apple Support for my queries.


    Mohammed...

    Friday, November 23, 2018 3:32 AM
  • Hi,

    If you resolve the problem, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    Best regards,

    Travis



    Friday, November 23, 2018 5:58 AM
  • Sorry for the delay in response. I guess a Wifi Modem cannot be manipulated under Windows Radius Server.

    I have successfully configured it using a Unifi Access Point; now the client is able to access the wifi using domain credentials.

    But is there a policy or a way to restrict one login to one Access\Machine? When I connect to the Access Point using the same credentials on my mobile and laptop, both get connected.

    I want to restrict login to just laptops and desktops, not personal mobiles, and that too with one login per device. Can anyone please help me find this...!


    Mohammed...

    Tuesday, November 27, 2018 11:41 AM
  • Hi,

    Please refer to the link below:

    https://dethadoesit.wordpress.com/2017/04/04/windows-2008-r2-radius-server-configuration-part-2/ 

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.  

    Best regards,

    Travis



    Wednesday, November 28, 2018 9:30 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Saturday, December 1, 2018 11:36 PM