802.1x wired configuration with NPS

  • Question

  • Hi All,

    I ran into some issues when I deployed wired 802.1x with NPS. I want to use EAP-TLS and a certificate for authentication, but I don't want to join the domain and I don't want to type a user name and password after the workstation is restarted. I can deploy domain computers with certificate authentication. We can find many reference guides that use PEAP authentication with MS-CHAPv2.

    I cannot find a reference guide for workgroup computers with NPS, or a MAB configuration reference for NPS. Some references didn't work.

    Last time I used EAP-TLS and a computer certificate to authenticate workgroup computers with NPS, but I got an authentication failure error.

    Is there a guide somewhere on how to set up EAP-TLS or EAP-TTLS on a Microsoft NPS server for workgroup and MAB configurations? What kind of solution should I use to avoid typing a user name and password?

    Monday, March 25, 2019 7:16 AM

Answers

All replies

  • Hi,

    Microsoft NPS server only supports EAP-TLS authentication.

    Choose Configure NAP on the RADIUS console, then select IEEE 802.1X (Wired).

    Please refer to the links below:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753354(v%3dws.10)  

    https://routemypacket.com/2017/12/31/nps-settings-for-mac-authentication-bypass-mab-using-802-1x/

    Best regards,

    Travis


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 26, 2019 3:10 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Wednesday, March 27, 2019 6:43 AM
  • Hi,

    I tried EAP-TLS many times. Now I can authenticate with the built-in user template only. If I use a custom template and local computer authentication, I get an authentication problem. I don't know why.

    The other problem now is MAB. I tested with the MAC stored not only in AD as a user account but also in NPS. I still got an error, and my NPS accounting doesn't work; I didn't see any logs. Also, in your link I saw the checkbox "Accept user without validating credentials". This means allow any device and don't use authentication, correct?



    • Edited by CryptoUGyi Thursday, March 28, 2019 5:21 AM
    Thursday, March 28, 2019 1:21 AM
  • Hi,

    Why use local computer authentication? You should use DC authentication.

    How did you configure your AP? The authentication method should be the same on NPS, the AP and the clients.

    Yes, RADIUS can allow devices to connect without validated credentials.

    Best regards,

    Travis



    Thursday, March 28, 2019 9:34 AM