MAC Authentication + Windows Server 2008 R2 Radius server

  • Question

  • Hello there,

    I have been trying to configure MAC authentication on Windows Server Network Policy Server, but with no success. Details of my configuration can be found below.

    First, I enabled MAC authentication on a 3Com switch, model 4400.

    enabling  -> Mac-authentication

    enabling authentication mode -> UsernameAsMacAddress

    configuring a domain - mac-authentication domain abc.local.

    I left the default Vlan (Vlan1)

    While on my DC, I created a user

    username: 00-00-00-00-00-00

    password: 00-00-00-00-00-00

    Lastly, on the NPS server, I configured the 802.1X Wired configuration and configured the NAS (RADIUS client), which is the 3Com switch.

    After completing the configurations, I turned on my computer and logged on to the domain as abc\00-00-00-00-00-00 with the password. But there was no success when the computer tried to connect to the network looking for DHCP services to obtain an IP address.

    On the NPS event service, I got:

    User:
    Security ID: NULL SID
    Account Name: 00-00-00-00-00-00@abc.local
    Account Domain: abc
    Fully Qualified Account Name: abc\00-00-00-00-00-00

    Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: -
    Calling Station Identifier: 0000-0000-0000
    NAS:
    NAS IPv4 Address: xxx.xxx.xx.xx
    NAS IPv6 Address: -
    NAS Identifier: 00aa00aa00aa
    NAS Port-Type: Ethernet
    NAS Port: 12345678

    RADIUS Client:
    Client Friendly Name: 3com
    Client IP Address: xxx.xxx.xx.xx

    Authentication Details:
    Connection Request Policy Name: NAP 802.1X (Wired) 2
    Network Policy Name: -
    Authentication Provider: Windows
    Authentication Server:   server.abc.local
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 16
    Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    All I could find was "Authentication failed" due to the reason that appeared in the reason code, but I am very sure that the name and the password are the same. I hope someone can help me out.

    Thanks.


    • Edited by Adedeji Monday, October 29, 2012 7:21 PM
    Monday, October 29, 2012 7:19 PM

Answers

  • Hi,

    Thanks for your post.

    MAC address authorization is performed when the user does not type in any user name or password, and refuses to use any valid authentication method. In this case, Network Policy Server (NPS) receives the Calling-Station-ID attribute, and no user name and password. To support MAC address authorization, Active Directory Domain Services (AD DS) must have user accounts that contain MAC addresses as user names.

    For more detailed information about MAC Address Authorization, please refer to the below article. Hope it helps.

    MAC Address Authorization
    http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Proposed as answer by Aiden_Cao Monday, November 5, 2012 2:27 AM
    • Marked as answer by Aiden_Cao Tuesday, November 6, 2012 5:35 AM
    Wednesday, October 31, 2012 5:18 AM
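
An added example, not part of the original thread and not Microsoft tooling: a small Python parser for the NPS event text quoted in the question. It reports the form in which the switch sent the MAC as the user name next to the Calling-Station-ID the answer mentions, so the AD DS account name can be compared against what NPS actually receives. The embedded event is a constructed excerpt of the fields posted above, and all function names are hypothetical.

```python
import re

# Constructed excerpt: field values copied from the event text in the question.
SAMPLE_EVENT = """\
User:
    Account Name: 00-00-00-00-00-00@abc.local
    Account Domain: abc
Client Machine:
    Account Name: -
    Calling Station Identifier: 0000-0000-0000
Authentication Details:
    Authentication Type: PAP
    Reason Code: 16
"""

def parse_event(text):
    """Split NPS event text into {section: {field: value}}.

    Sections matter because 'Account Name' appears under both
    'User' and 'Client Machine'.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if sep and not value.strip():        # "User:" style header
            current = sections.setdefault(key.strip(), {})
        elif sep and current is not None:    # "Field: value" line
            current[key.strip()] = value.strip()
    return sections

def _bare(value):
    """Drop an '@realm' suffix and a 'DOMAIN\\' prefix from a user name."""
    return value.split("@", 1)[0].rsplit("\\", 1)[-1]

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    digits = re.sub(r"[-:.]", "", _bare(value)).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def mac_layout(value):
    """Show separator layout only, e.g. 'XXXX-XXXX-XXXX'."""
    return re.sub(r"[0-9A-Fa-f]", "X", _bare(value))

def summarize(text):
    ev = parse_event(text)
    user = ev.get("User", {}).get("Account Name", "")
    station = ev.get("Client Machine", {}).get("Calling Station Identifier", "")
    auth = ev.get("Authentication Details", {})
    mac = normalize_mac(user)
    return {"user_name_layout": mac_layout(user), "station_layout": mac_layout(station),
            "same_mac": mac is not None and mac == normalize_mac(station),
            "realm_appended": "@" in user, "auth_type": auth.get("Authentication Type"),
            "reason_code": auth.get("Reason Code")}
```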

All replies

  • Hello
    and in this case, if I already have an environment that has user authentication on NPS and need to add MAC address authentication alongside it, is it possible?
    Because from what I understand, by changing the Override User-Name key, the entire NPS server authentication no longer passes by user but by MAC... or am I mistaken?
    Thanks in advance

    Wednesday, December 17, 2014 10:42 AM
  • Hi

    I'm interested in the same thing, to be able to authenticate users both by MAC and user/password. I haven't been able to find a clear explanation of how to do it on NPS.

    Thanks for your help.

    Thursday, March 5, 2015 9:35 PM