NPS server authentication question

Question
Can Windows NPS server 2008R2 authenticate against the AD and its local SAM database at the same time, or is it an either/or scenario?
Friday, December 23, 2011 10:06 AM
Answers
Hi Hodgy0_2,
Thanks for posting here.
We can specify the credential in UPN format, which will include the domain or local system name when it is input, and will help the system determine whether this credential is domain or local based.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380525(v=vs.85).aspx
For more information please refer to the link below:
Configure NPS to Use the Security Accounts Manager Database
http://technet.microsoft.com/en-us/library/cc771364(WS.10).aspx
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Marked as answer by Tiger Li (Microsoft employee), Tuesday, January 3, 2012 4:50 AM
Monday, December 26, 2011 3:08 AM
All replies
Hi Hodgy0_2,
Please feel free to let us know if the information was helpful to you.
Regards,
Tiger Li
Tuesday, December 27, 2011 1:08 AM
Hi Tiger,
Thank you. Yes, I had seen that TechNet article; it was just unclear whether both user databases (local SAM and AD DS) can be used at the same time.
So the use case is that 95% of users will be authenticated via LDAP queries, but some users (from external parties) would require just user credentials stored in the local SAM database (these external parties should NOT have AD accounts).
So if I read your post correctly, Tiger, if the NPS server is joined to a domain (but also configured to look at its local SAM), then a user can be identified just by using the UPN of the user, and the NPS server will look in the appropriate user database to authenticate the user on the wire.
Cheers
James
Thursday, December 29, 2011 9:20 AM
Hi James,
Thanks for posting here.
Yes, that was what I meant. Meanwhile, an NPS server can only access the SAM database on itself. We can verify that by switching the location of objects when we assign them in the conditions of network policies.
For more information please refer to the introduction below:
NPS: Default Domain
http://technet.microsoft.com/en-us/library/dd197452(WS.10).aspx
Regards,
Tiger Li
Friday, December 30, 2011 3:19 AM
Hi James,
Please feel free to let us know if the information was helpful to you.
Regards,
Tiger Li
Monday, January 2, 2012 12:53 AM
Hi Tiger,
Thank you for your reply.
So this means that if you have two NPS servers authenticating both local and AD accounts, the local accounts will need to be updated in each local SAM database independently of the other to keep them in sync.
Cheers
James
Tuesday, January 3, 2012 12:42 PM
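Tiger's point that the format of the submitted identity selects the account database, and James's conclusion that each NPS server can only see its own SAM, as an added example that is not code from this thread or from Microsoft: a Python model of how a RADIUS User-Name would be routed given an NPS server's joined domain, hostname and Default Domain setting. The server, domain and account names are constructed, and the routing rules are an assumption modelled on the thread, not NPS's implementation.

```python
"""Model of how the User-Name format selects the account database on an NPS server.

Added illustration, not NPS or Microsoft code. Server names, domains and
account names are constructed. Behaviour modelled from the thread:
  user@dns.suffix  -> UPN, realm taken from the suffix
  REALM\\user       -> down-level name, realm is a domain or the local machine
  user             -> bare name, realm is the NPS "Default Domain" setting
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class NpsServer:
    hostname: str        # NetBIOS name of this NPS box; its SAM is only reachable here
    ad_domain: str       # NetBIOS name of the joined domain
    ad_dns_suffix: str   # DNS name of the joined domain, as used in UPNs
    default_domain: str  # NPS Default Domain applied to bare user names


def resolve_realm(user_name: str, server: NpsServer) -> Tuple[str, str]:
    """Return (database, account): database is 'AD', 'LOCAL_SAM' or 'UNKNOWN'."""
    if "@" in user_name:                       # UPN form
        account, realm = user_name.rsplit("@", 1)
        if realm.lower() == server.ad_dns_suffix.lower():
            return "AD", account
        return "UNKNOWN", account              # foreign realm: neither this AD nor this SAM
    if "\\" in user_name:                      # DOMAIN\user or MACHINE\user form
        realm, account = user_name.split("\\", 1)
    else:                                      # bare name: NPS applies its Default Domain
        realm, account = server.default_domain, user_name
    realm = realm.lower()
    if realm == server.hostname.lower():
        return "LOCAL_SAM", account
    if realm == server.ad_domain.lower():
        return "AD", account
    return "UNKNOWN", account


def local_accounts_out_of_sync(sam_by_server: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Each NPS server's SAM is separate, so a local (external-party) account must be
    created on every server. Return, per server, the accounts it is missing."""
    wanted = set().union(*sam_by_server.values())
    return {host: sorted(wanted - have) for host, have in sam_by_server.items() if wanted - have}


if __name__ == "__main__":
    nps01 = NpsServer("NPS01", "CORP", "corp.example.com", "CORP")
    for name in ("alice@corp.example.com", "NPS01\\vendor1", "bob", "eve@partner.example"):
        print(f"{name:28} -> {resolve_realm(name, nps01)}")
    print(local_accounts_out_of_sync({"NPS01": {"vendor1", "vendor2"}, "NPS02": {"vendor1"}}))
```

Setting `default_domain` to the server's own hostname is the case where bare user names fall through to the local SAM; with it set to the AD domain, external-party accounts must be submitted as `NPS01\user`.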