NPS-RADIUS problems with authentication methods.

-

hi! have next scenario:

pki infrastructure: 1 offline standalone root ca (server a) , 1 enterprise subordinate ca (serverb). both windows server 2008 r2 enterprise. serverb 1 use give certificates.

servidor nps-radius (serverc): windows server 2008 r2, certificate of server issued serverb using template workstation.

access point (ap-radius): configured radius client on serverc.

the authentication method i'm using, is: eap-tls; clients i'm issuing certificates, either workstation or user certificate. both templates version 1 (windows 2000).

when connect access radius, prompts me user/pwd (maybe because have 2 rules, 1 has condition of 'domain users' , other asks 'domain computers'). here added rule in nps named 'only certificates':

under network policies:

         condition: nas port - wireless ieee 802.11

         policy enabled, grant network access.

         restrictions: authentication methods: eap types: smart card or certificate - (eap-tls)

         processing order: 2 (the 1st policy auths domain computers eap-tls, , 3rd, domain users)

note: on network request policy section, don't have enabled 'invalidate configuration of network authentication policy' (sorry i'm translating spanish) on policy.

but, when connect again on non-domain computer, still prompts me user/pwd. if type data, denies me access. when check log on nps-radius server, on event viewer find: motive code: 22 motive: client can't authenticated because server can't process eap type.

the question is: shouldn't asking me credentials, right? in event, shows me using network policy defined recently.

 

hi luis,

 

thanks posting here.

 

which windows version running on client computers ?

since these non-domain joined computer , should import ca client accessing ca website first. , suspect might not set network authentication method client either. suggest take links below , following introduction configure client:

 

configure wireless computers running windows vista use eap-tls

http://technet.microsoft.com/en-us/library/dd283057(ws.10).aspx

 

configure computers running windows xp use eap-tls

http://technet.microsoft.com/en-us/library/dd283002(ws.10).aspx

 

thanks.

 

tiger li

 

technet subscriber support in forum

if have feedback on our support, please contact tngfb@microsoft.com

please remember click “mark answer” on post helps you, , click “unmark answer” if marked post not answer question. can beneficial other community members reading thread.


Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more

Invalid pointer on gpresult /h gpreport.html

-
hello guys i getting following error when trying generate gpresult /h  xxx.html invalid pointer this happening on windows 7 pc using test group policy. tried pc same thing when same gpo applied . hi, try apply some other gpo clients, html report generated succefully? if no, may caused unregistered .dll files, try register .dll files previous thread suggested: http://social.technet.microsoft.com/forums/en-us/winservergp/thread/0ea20c5d-c0ae-457d-89d4-a1686a359e72 if yes, please tell detailed information problematic gpo settings reproduce problem , troubleshooting it. regards, cicely Windows Server  >  Group Policy
Read more