Computer authentication not working 802.11 for Wireless security using NPS Server

  • Question

  • Hello,

    I am not sure if I submitted this to the correct forum.  I couldn't find anything related to Radius server.  

    Our goal is to centralize the wireless access from all company locations using a RADIUS server.  I have an NPS server set up to authenticate domain computers and allow access to the network.  Current scenarios:

    • NPS Server has CA signed cert.
    • WiFi profile is pushed to all domain computers using GPO
    • Access Points at local and remote locations are RADIUS Clients
    • Network policy Authentication using PEAP and secure password EAP-MSCHAP-V2
    • The domain computer is authenticated and allowed access from local office (Radius client and NPS are on the same LAN)
    • The domain computer is authenticated and allowed access from remote office (Radius client and NPS are connected through WAN)
    • The same domain computer cannot authenticate from the remote office where the RADIUS client is connected through a site-to-site VPN.  RADIUS communication traverses the IPsec tunnel.

    Are there any adjustments and/or workarounds to get this to work from the site-to-site VPN office?

     

    Wednesday, August 15, 2018 6:24 PM

All replies

  • Hi,

    that should work through an S2S VPN just fine. I recommend checking if all access points can communicate with the NPS in headquarters with ping/tracert. If so, check that firewall ports are open (https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-firewalls-configure). If the network communication is fine you should see something in the event log of the NPS server so you can tell if the access point from the remote location is sending something.

    Hope this helps,

    Lutz 

    Friday, August 17, 2018 4:09 PM
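
The event-log check suggested in the reply above, as an added example that is not part of the original thread: run on the NPS server, it pings one access point and lists the NPS events recorded for it. `$ApIp` is a placeholder address, and the event IDs used (Security 6272/6273, System 13 from source NPS) are the standard Windows NPS events, not values taken from the thread.

```powershell
# Added example: did RADIUS traffic from one access point reach this NPS server?
# $ApIp is a placeholder (TEST-NET address); use the IP registered as the RADIUS client.
param(
    [string]$ApIp  = '192.0.2.10',
    [int]   $Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

# 1. Basic reachability from NPS to the AP. This is ICMP only; RADIUS itself is UDP,
#    so a successful ping does not prove the RADIUS ports pass through the tunnel.
$pingOk = Test-Connection -ComputerName $ApIp -Count 2 -Quiet

# 2. NPS audit events in the Security log: 6272 = access granted, 6273 = access denied.
$audit = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 6272, 6273; StartTime = $since
} -ErrorAction SilentlyContinue

$fromAp = foreach ($e in $audit) {
    # Collect the named EventData fields of this event into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['ClientIPAddress'] -eq $ApIp) {
        [pscustomobject]@{
            Time       = $e.TimeCreated
            EventId    = $e.Id
            Subject    = $data['SubjectUserName']
            ReasonCode = $data['ReasonCode']   # only filled in for 6273
            Reason     = $data['Reason']
        }
    }
}

# 3. System log event 13 (source NPS): a RADIUS message arrived from an address that is
#    not configured as a RADIUS client, e.g. because the source IP differs from the one expected.
$unknown = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 13; StartTime = $since
} -ErrorAction SilentlyContinue | Where-Object { $_.ProviderName -eq 'NPS' }

"Ping to ${ApIp}: $pingOk"
if ($fromAp) { $fromAp | Sort-Object Time | Format-Table -AutoSize }
else         { "No 6272/6273 events with ClientIPAddress $ApIp in the last $Hours hours." }
if ($unknown) {
    "RADIUS messages from addresses not configured as RADIUS clients:"
    $unknown | Select-Object TimeCreated, Message | Format-List
}
```

Events 6272/6273 are only written when auditing for Network Policy Server is enabled on the NPS server.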