locked
cannot authenticate to Radius RRS feed

  • Question

  • Can someone advise what error below might mean as I cannot get our iphones to connect to the wifi. This is the error I get. The iphone has the correct certificate and it is not expired.

    Network Policy Server denied access to a user.

    Contact the Network Policy Server administrator for more information.

    User:

    Security ID: bb\bobmarcin

    Account Name:   bb\bobmarcin

    Account Domain:   bb

    Fully Qualified Account Name: bb.local/finance/bobmarcin

    Client Machine:

    Security ID: NULL SID

    Account Name: -

    Fully Qualified Account Name: -

    OS-Version: -

    Called Station Identifier: 00-23-5a-71-09-f0:bb-wifi

    Calling Station Identifier: 08-74-92-a2-5e-5a

    NAS:

    NAS IPv4 Address: 10.2.1.11

    NAS IPv6 Address: -

    NAS Identifier: SUM-WLC2

    NAS Port-Type: Wireless - IEEE 802.11

    NAS Port: 1

    RADIUS Client:

    Client Friendly Name: bb-wireless

    Client IP Address: 10.2.1.11

    Authentication Details:

    Connection Request Policy Name: wireless

    Network Policy Name:  bb wireless

    Authentication Provider: Windows

    Authentication Server: bb-dc1.bb.local

    Authentication Type: EAP

    EAP Type: Microsoft: Smart Card or other certificate

    Account Session Identifier: 35383676513738352F30383A37343A30323A62323A35363A35662F231233555034

    Logging Results: Accounting information was written to the local log file.

    Reason Code: 23

    Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

    Thursday, January 5, 2017 8:17 PM

All replies

  • As mentioned, check EAP log file for EAP errors: https://social.technet.microsoft.com/Forums/office/en-US/387428f8-44fe-4e94-93ea-df13da401762/check-eap-log-files-for-eap-errors-23?forum=winserverNAP

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile


    • Edited by Mr XMVP Friday, January 6, 2017 12:35 AM
    Friday, January 6, 2017 12:34 AM
  • Hi bubba,

    Please check if the client also store the "Trusted root certificate" of the certificate used on NPS policy for EAP.

    Besides, since this issue is more related with NPS authenticate, I'll move this post to NAP forum, so that you may get more professional help.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 6, 2017 2:13 AM
  • The device has the correct certificate that we are using on the NPS policy.
    Friday, January 6, 2017 3:39 PM
  • Hi bubba,

    I mean the trusted root certificate stores on Wifi clients, do you checked it? In another word, do clients trust the server's certificate.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, January 9, 2017 8:36 AM
  • Hi,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, feel free to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 25, 2017 2:11 AM