locked
how do I configure NPS to test as simple as PAP? RRS feed

  • Question

  • I use NTRadping to test my NPS configuration, I gave NPS very simple policies and test authentication just using PAP,  oddly I had some success attemps but then failed afterward( can't recall what I have changed)

    my setup is pretty simple, no AD in the test scnerio, and NPS is not in any domain. I just created a local computer user. I got several error from event viewer:

    (1)
    User xxx123 was denied access.
     Fully-Qualified-User-Name = <undetermined>
     Machine-Name = <not present>
     OS-Version = <not present>
     NAS-IP-Address = <not present>
     NAS-IPv6-Address = <not present>
     NAS-Identifier = <not present>
     Called-Station-Identifier = <not present>
     Calling-Station-Identifier = <not present>
     Client-Friendly-Name = NTRadPingCleint
     Client-IP-Address = 1x1.x9.x5.x03
     Client-IPv6-Address = <not present>
     NAS-Port-Type = <not present>
     NAS-Port = <not present>
     Connection-Request-Policy-Name = <none>
     Policy-Name = <undetermined>
     Authentication-Provider = <undetermined>
     Authentication-Server = LH-O7PLXMLZBZSZ
     Authentication-Type = <undetermined>
     EAP-Type = <undetermined>
     Account-Session-Identifier=<not present>
     Reason-Code = 49
     Reason = The connection attempt did not match any connection request policy.

    (2)
     Machine-Name = <not present>
     OS-Version = <not present>
     NAS-IP-Address = <not present>
     NAS-IPv6-Address = <not present>
     NAS-Identifier = <not present>
     Called-Station-Identifier = <not present>
     Calling-Station-Identifier = <not present>
     Client-Friendly-Name = NTRadPingCleint
     Client-IP-Address = 1x1.x9.x5.x03
     Client-IPv6-Address = <not present>
     NAS-Port-Type = <not present>
     NAS-Port = <not present>
     Connection-Request-Policy-Name = NTRadPingPAP
     Policy-Name = NTRadPingPAP
     Authentication-Provider = Windows
     Authentication-Server = LH-O7PLXMLZBZSZ
     Authentication-Type = PAP
     EAP-Type = <undetermined>
     Account-Session-Identifier=<not present>
     Reason-Code = 70
     Reason = The user attempted to connect using a dial-in medium that did not match the restricted dial-in media. Check the dial-in constraints for the matching remote access policy.


    please help.


    Saturday, June 2, 2007 12:06 AM

Answers

  • The first error seems to be due to no policy match (as the event log indicates). Most likely, your policies were not enabled or PAP was not one of the supported authentication methods for any of the policies.

     

    The second event log most likely would have occurred after you corrected the above issues (enable policy, enable PAP authentication); again, it is likely that your policy matched, but failed constraints related to NAS Port Type. Please make sure that you either have no such constraints or your RADIUS client sends in the correct NAS-Port-Type indication in the Access-Request.

    Friday, June 8, 2007 4:05 PM