locked
Network Policy Server on Child domain not working RRS feed

  • Question

  • Hello everyone,

    I have setup NPS for a company that have 24 different locations with EAP (User and Computer auth with Certificate), 5 child domains... NPS works fine for all the users under the main domain but it doesn't work for the child domain users.

    Child domain users don't authenticate. I can't see any traffic through Wireshark but I have checked the forest trust between child domain and the Forest domain and it all looks well. 

    The child domain have wireless access points that are connected to a wireless controller in a different location which is connected to random network switches. The users are supposed to authenticate to the NPS server in the main office (HQ). 

    How do I force all the users in the child domain to authenticate to their own Child DC but from the NPS in the HQ location ? Do I need to create another Connection request policy to authenticate users to their own child DC? 

    thanks


    Mohammed JH

    Wednesday, November 18, 2015 8:15 PM

Answers

  • How do I force all the users in the child domain to authenticate to their own Child DC but from the NPS in the HQ location ? Do I need to create another Connection request policy to authenticate users to their own child DC? 

    Hi moh10ly,

    Yes, we may create another connection request policy in NPS(NPS1) server for users in child domain. In that policy, check "forward requests to the following remote RADIUS server group for authenticate". In advance, we installed NPS role in child DC(NPS2). In NPS1 add NPS2 in remote RADIUS server, in NPS2 add NPS1 in RADIUS client.

    And we need to ensure that users in child domain could only match conditions in the specific policy, then they can be sent to NPS2 for authentication.

    Best Regards,

    Anne

      


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, November 19, 2015 2:43 AM