Problem with 802.1x printers authentication

Question
-
Hello.
I have a problem with my MS Windows Server 2008 R2 with the Network Policy and Access Services role installed.
All PCs in my network are authorized by this server and everything is fine, but I have a problem with authenticating MFPs and printers (HP and Kyocera).
I created users for the printers and a network policy to assign them to the proper VLAN using PEAP (EAP-MS-CHAP-v2) authentication. After specifying the domain username and password on the printer, I set the port on my switch to authentication mode, but the server told me that there is an error with code 23 - An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors. There is the same error for all printers in my LAN.
There is a CA server in my network, and the certificate for the NPS server was issued by it. I tried to install the certificate of this CA (and of the NPS server) on the printers, but it makes no difference.
In IASSAM.log there are the following messages about the authentication attempts:
[5140] 11-04 12:49:39:877: NT-SAM Names handler received request with user identity PRINTERUSER@DOMAINNAME
[5140] 11-04 12:49:39:877: Successfully cracked username.
[5140] 11-04 12:49:39:877: SAM-Account-Name is "DOMAINNAME\PRINTERUSER".
[5140] 11-04 12:49:39:877: Successfully created new RAP Based EAP session for user DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: No AUTHENTICATION extensions, continuing
[5140] 11-04 12:49:39:877: NT-SAM Authentication handler received request for DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: Validating windows user account DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: Sending LDAP search to dc.DOMAINNAME.
[5140] 11-04 12:49:39:877: Successfully validated windows account DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: NT-SAM User Authorization handler received request for DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: Using native-mode dial-in parameters.
[5140] 11-04 12:49:39:877: Sending LDAP search to dc.DOMAINNAME.
[5140] 11-04 12:49:39:877: Successfully retrieved per-user attributes.
[5140] 11-04 12:49:39:877: Allowed EAP type: 25
[5140] 11-04 12:49:39:877: Allowed EAP type: 26
[5140] 11-04 12:49:39:877: Succesfully created EAP Host session with session id 1218224
[5140] 11-04 12:49:39:877: Processing output from EAP: action:1
[5140] 11-04 12:49:39:877: Inserting outbound EAP-Message of length 6.
[5140] 11-04 12:49:39:877: Issuing Access-Challenge.
[5140] 11-04 12:49:39:877: No AUTHORIZATION extensions, continuing
[7224] 11-04 12:49:39:924: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[7224] 11-04 12:49:39:924: No AUTHENTICATION extensions, continuing
[7224] 11-04 12:49:39:924: Processing output from EAP: action:1
[7224] 11-04 12:49:39:924: Inserting outbound EAP-Message of length 1462.
[7224] 11-04 12:49:39:924: Issuing Access-Challenge.
[7224] 11-04 12:49:39:924: No AUTHORIZATION extensions, continuing
[5140] 11-04 12:49:39:955: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:955: No AUTHENTICATION extensions, continuing
[5140] 11-04 12:49:39:955: Processing output from EAP: action:1
[5140] 11-04 12:49:39:955: Inserting outbound EAP-Message of length 1325.
[5140] 11-04 12:49:39:955: Issuing Access-Challenge.
[5140] 11-04 12:49:39:955: No AUTHORIZATION extensions, continuing
[7224] 11-04 12:49:39:986: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[7224] 11-04 12:49:39:986: No AUTHENTICATION extensions, continuing
[7224] 11-04 12:49:39:986: Processing output from EAP: action:2
[7224] 11-04 12:49:39:986: Translating attributes returned by EAPHost.
[7224] 11-04 12:49:39:986: EAP authentication failed.
[7224] 11-04 12:49:39:986: No AUTHORIZATION extensions, continuing
[7224] 11-04 12:49:39:986: Inserting outbound EAP-Message of length 4.
Can anybody explain what I need to do to get my printers authenticated by the NPS server?
- Edited by Eugene Alekseev Friday, November 4, 2016 11:17 AM
Friday, November 4, 2016 11:13 AM
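One way to read the IASSAM.log excerpt quoted in the question, as an added example that is not part of the original thread: the script groups entries by EAP session id and lists the sizes of the EAP messages NPS sent, so the step at which the exchange stopped is visible. The function names and the `diagnose` size heuristic are assumptions of this example; 25 and 26 are the IANA EAP type numbers for PEAP and EAP-MSCHAPv2.

```python
import re
from collections import defaultdict

SAMPLE = (  # constructed sample in the IASSAM.log format from the post, run together on one line
    r"[5140] 11-04 12:49:39:877: Allowed EAP type: 25 "
    r"[5140] 11-04 12:49:39:877: Allowed EAP type: 26 "
    r"[5140] 11-04 12:49:39:877: Succesfully created EAP Host session with session id 1218224 "
    r"[5140] 11-04 12:49:39:877: Inserting outbound EAP-Message of length 6. "
    r"[7224] 11-04 12:49:39:924: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER "
    r"[7224] 11-04 12:49:39:924: Inserting outbound EAP-Message of length 1462. "
    r"[5140] 11-04 12:49:39:955: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER "
    r"[5140] 11-04 12:49:39:955: Inserting outbound EAP-Message of length 1325. "
    r"[7224] 11-04 12:49:39:986: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER "
    r"[7224] 11-04 12:49:39:986: EAP authentication failed. "
    r"[7224] 11-04 12:49:39:986: Inserting outbound EAP-Message of length 4."
)
ENTRY = re.compile(r"\[(\d+)\] \d\d-\d\d [\d:]+: (.*?)(?=\s*\[\d+\] \d\d-\d\d |\s*\Z)", re.S)
EAP_TYPES = {25: "PEAP", 26: "EAP-MSCHAPv2"}  # IANA EAP method type numbers

def parse_sessions(text):
    """Group entries by EAP session id; accepts one-per-line or run-together logs."""
    sessions = defaultdict(lambda: {"allowed": [], "sent": [], "failed": False})
    current, pending = {}, defaultdict(list)  # state per worker thread id
    for tid, msg in ENTRY.findall(text):
        if m := re.search(r"Allowed EAP type: (\d+)", msg):
            pending[tid].append(int(m[1]))  # logged before the session id is known
        elif m := re.search(r"session with session id (\d+)|retrieved session \((\d+)\)", msg):
            current[tid] = m[1] or m[2]
            sessions[current[tid]]["allowed"] += pending.pop(tid, [])
        elif tid in current:
            s = sessions[current[tid]]
            if m := re.search(r"outbound EAP-Message of length (\d+)", msg):
                s["sent"].append(int(m[1]))
            elif "EAP authentication failed" in msg:
                s["failed"] = True
    return dict(sessions)

def diagnose(s):
    """Heuristic (assumption of this example): infer the failure stage from message sizes."""
    methods = "/".join(EAP_TYPES.get(t, str(t)) for t in s["allowed"])
    if not s["failed"]:
        return f"{methods}: no failure logged"
    challenges = [n for n in s["sent"] if n > 4]  # a 4-byte EAP packet is a bare Success/Failure
    if challenges and challenges[-1] > 1000:
        return f"{methods}: failed during outer TLS handshake, right after certificate-sized server messages"
    return f"{methods}: failed after {len(challenges)} server challenges"

if __name__ == "__main__":
    print({sid: (s["sent"], diagnose(s)) for sid, s in parse_sessions(SAMPLE).items()})
```

For the quoted session the server's last two challenges are 1462 and 1325 bytes, sizes consistent with a fragmented TLS certificate flight, and the next logged step is the failure, so the inner MS-CHAP-v2 exchange was not reached.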
All replies
-
Hi,
Please check a similar error which is discussed in the following thread:
HP LaserJet 4345 mfp Authentication using NPS
https://social.technet.microsoft.com/Forums/windowsserver/en-US/6bde1213-7609-4a0f-ba8d-05fecb2ed9e7/hp-laserjet-4345-mfp-authentication-using-nps?forum=winserverNAP
Best regards,
Wendy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, November 7, 2016 8:48 AM
-
Hi Wendy.
I already read this thread, but it does not work for me - I have no chance to update the firmware of the printers because Kyocera doesn't give firmware to customers.
Yesterday I tried to connect a new printer (Kyocera P2135dn) with 802.1x authentication and it was successful, but the other ones are not. So now I have one 802.1x-authenticated printer and about 15 MAC-based authenticated ones, so it is making me a bit depressed.
- Edited by Eugene Alekseev Tuesday, November 8, 2016 1:20 PM
Tuesday, November 8, 2016 7:23 AM