This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Network Policy Server on Child domain not working

Question
0

Sign in to vote

Hello everyone,

I have setup NPS for a company that have 24 different locations with EAP (User and Computer auth with Certificate), 5 child domains... NPS works fine for all the users under the main domain but it doesn't work for the child domain users.

Child domain users don't authenticate. I can't see any traffic through Wireshark but I have checked the forest trust between child domain and the Forest domain and it all looks well.

The child domain have wireless access points that are connected to a wireless controller in a different location which is connected to random network switches. The users are supposed to authenticate to the NPS server in the main office (HQ).

How do I force all the users in the child domain to authenticate to their own Child DC but from the NPS in the HQ location ? Do I need to create another Connection request policy to authenticate users to their own child DC?

thanks

Mohammed JH

Wednesday, November 18, 2015 8:15 PM

Answers

0

Sign in to vote
How do I force all the users in the child domain to authenticate to their own Child DC but from the NPS in the HQ location ? Do I need to create another Connection request policy to authenticate users to their own child DC?

Hi moh10ly,

Yes, we may create another connection request policy in NPS(NPS1) server for users in child domain. In that policy, check "forward requests to the following remote RADIUS server group for authenticate". In advance, we installed NPS role in child DC(NPS2). In NPS1 add NPS2 in remote RADIUS server, in NPS2 add NPS1 in RADIUS client.

And we need to ensure that users in child domain could only match conditions in the specific policy, then they can be sent to NPS2 for authentication.

Best Regards,

Anne

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Anne HeMicrosoft contingent staff Monday, November 30, 2015 9:13 AM
- Marked as answer by Anne HeMicrosoft contingent staff Wednesday, December 2, 2015 6:31 AM
Thursday, November 19, 2015 2:43 AM