Radius Logging of end user client device IP address not showing up in Logs

  • Question

  • A little background,

    I am using Server 2012 for Radius authentication of my wireless clients.

    This server running NPS (Radius) is not the Domain Controller, just a member server on the network.

    DHCP is running on another server on my network.

    The problem I am having is the Radius logs do not contain the client device IP address, only the AD user names.

    The logs do contain the Radius server IP address, and the Access point IP address leaving out the client IP address.

    This is a School District and we have to filter the internet content for all clients.

    Radius is a great authentication method, but without the IP address of the clients in the logs I cannot apply the proper policies to the different groups. So what happens is everyone gets the default most restrictive policy, students and staff.

    Bottom line: how do I configure the Radius server to insert the IP address in the logs?

    Thanks,

    Friday, January 3, 2014 5:14 PM

Answers

  • Hi,

    I found that if you enable the statement of health from the client machine, this will cause the client's FQDN to be included (as well as OS version) in event 6272. You also need to enable the NAP Agent service and an enforcement client. Obviously you can get the IP address if you have the FQDN.

    However, the Access Client IPv4 Address condition does not work in this scenario.

    I believe you can only use the IPv4 address as a condition for VPN clients, and in this case it will show up in logs.

    -Greg


    Thursday, January 9, 2014 10:41 PM
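
An added example, not part of the original thread: one way to turn the event 6272 entries described in the answer above into a user-to-client-IP table. The `EventData` field names (`FullyQualifiedSubjectMachineName`, `SubjectUserName`, `NASIPv4Address`) are assumptions about the event schema, and the one-hour window is arbitrary.

```powershell
# Added example: map NPS "access granted" events (ID 6272) to user -> client FQDN -> IPv4.
# Run elevated on the NPS server; reading the Security log requires it.
# Assumption: the EventData field names used below match this server's event schema.
# Confirm them on one event first (Event Viewer > Details > XML View).
$since = (Get-Date).AddHours(-1)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272
    StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($ev in $events) {
    # Flatten <EventData><Data Name="...">value</Data></EventData> into a hashtable.
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # The machine name is only populated when the client sent a statement of health.
    $fqdn = $data['FullyQualifiedSubjectMachineName']
    if ([string]::IsNullOrWhiteSpace($fqdn) -or $fqdn -eq '-') { continue }

    # Resolve the FQDN to an IPv4 address; leave the column empty if DNS has no A record.
    $ip = $null
    try {
        $ip = (Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop |
               Where-Object { $_.IPAddress } |
               Select-Object -First 1).IPAddress
    } catch { }

    [pscustomobject]@{
        Time        = $ev.TimeCreated
        User        = $data['SubjectUserName']
        ClientFqdn  = $fqdn
        ClientIPv4  = $ip
        AccessPoint = $data['NASIPv4Address']
    }
}

$rows | Sort-Object Time | Format-Table -AutoSize
```

The address comes from DNS at the moment the script runs, not from the authentication itself, so a DHCP lease change or a stale DNS record can make it differ from the address the client held when it logged on.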

All replies

  • Hi Rick,

    I'm looking at this for you. Right now I'm having a problem seeing the IP address too. I thought it would show up in NPS logs (under system32\logfiles) and some of my connection attempts here do show the FQDN of the client but some don't.

    I'll let you know what I find out.

    -Greg

    Saturday, January 4, 2014 3:31 AM
  • I've not found out anything yet, but haven't had a lot of time to look at this.

    I am trying to determine why NULL SID is displayed instead of the access client name and IP address.

    -Greg

    Thursday, January 9, 2014 7:25 AM
  • Hi Greg,

    I'm trying to authenticate a Win7 client through an HP v1910-48G switch to an NPS Radius server, and keep getting an authentication error.

    This is a test environment and doesn't need any certificate. The switch is set to MAC address based and not port based authentication.

    I don't see any logs on the NPS server. Is there anything I can test from the Windows client machine?

    Ping works from switch to NPS server.

    Please help. 

    Rishi

    Wednesday, October 8, 2014 9:15 PM