Goal: Enabling WPA2+Enterprise Authentication on Wi-Fi AP through use of NPS (RADIUS) features of Windows 2008 Server
Brief Summary of Project Accomplished: Configured NPS through wizard. Assigned connection settings to AP. Assigned connection settings to test client. Login screen appears when connecting to the AP but login attempts fail. Created a local user with matching credientials of the client on the server. Login attempts continue to fail.
Problem: Connectivity between Vista wireless client and 2008 Server has been established. 2008 Server's Event Viewer reports Network Policy Server cannot authenticate the user. Specific error message provided below:
Event ID: 6273 Reason Code: 65Reason: The connection attempt failed because network access permission for the user account was denied. To allow network access, enable network access permission for the user account, or, if the user account specifies that access is controlled through the matching network policy, enable network access permission for that network policy.
Current Setup (Software):
Server 2008 (fresh install)
Network Policy Server role installed via wizard (no other roles or features installed)
Vista Business (test client)
Current Setup (Hardware/Topology):
Linksys WRT54GS Router @ 192.168.1.1
Server on LAN Port 1 @ (static) 192.168.1.120
Clients on LAN Ports 2/3/4 & Wi-Fi AP @ DHCP Range 192.168.1.100-119
Other Comments: I have configured the RADIUS server with generated key and added my RADIUS client (Linksys WRT54GS Router) with the generated key. The RADIUS client (router) is using WPA2+RADIUS for authentication. Followed through the NPS wizard to configure a RADIUS server for Wi-Fi AP. During the configuration a Secure Wireless Connections network policy was created giving access to the Windows Groups BUILTIN\Users, BUILTIN\Power Users, and BUILTIN\Administrator groups. I created three local user accounts on the 2008 Server that belong to the [BUILTIN]Users group of the local machine. Authentication continues to fail when trying any of the three new accounts. I'm not sure where to go from here, do I need another condition? Also, can I use only a single user account to authenticate RADIUS login for multiple clients if the option to supply login credentials other than the client's Windows user account?
Any ideas on how to get this working?
Related Questions about Windows 2008 Server RC Evaluation
- How many times can I activate this an evaluation key (simultaneously) ?
- How long is the evaluation period (90/180/365 days) ?
Edited by Budious, 20 October 2007 - 06:51.