Sign in to follow this  
Followers 0

2008 Server - Network Policy Server

7 posts in this topic

Posted (edited)

Alright, I'm to the point where a request for help needs to be made as much as it hurts my pride. I have an evaluation copy of Windows 2008 RC running on VM Server 1.03 at the moment, if I get the virtual machine operating to my requirements I will implement it to a hardware installation.

Goal: Enabling WPA2+Enterprise Authentication on Wi-Fi AP through use of NPS (RADIUS) features of Windows 2008 Server

Brief Summary of Project Accomplished: Configured NPS through wizard. Assigned connection settings to AP. Assigned connection settings to test client. Login screen appears when connecting to the AP but login attempts fail. Created a local user with matching credientials of the client on the server. Login attempts continue to fail.

Problem: Connectivity between Vista wireless client and 2008 Server has been established. 2008 Server's Event Viewer reports Network Policy Server cannot authenticate the user. Specific error message provided below:

Event ID: 6273 Reason Code: 65
Reason: The connection attempt failed because network access permission for the user account was denied.
To allow network access, enable network access permission for the user account, or, if the user account
specifies that access is controlled through the matching network policy, enable network access permission
for that network policy.[/codebox]

[u]More Details:[/u]

Current Setup (Software):

Server 2008 (fresh install)

Network Policy Server role installed via wizard (no other roles or features installed)

Vista Business (test client)

Current Setup (Hardware/Topology):

Linksys WRT54GS Router @ 192.168.1.1

Server on LAN Port 1 @ (static) 192.168.1.120

Clients on LAN Ports 2/3/4 & Wi-Fi AP @ DHCP Range 192.168.1.100-119

[u]Other Comments:[/u] I have configured the RADIUS server with generated key and added my RADIUS client (Linksys WRT54GS Router) with the generated key. The RADIUS client (router) is using WPA2+RADIUS for authentication. Followed through the NPS wizard to configure a RADIUS server for Wi-Fi AP. During the configuration a [i]Secure Wireless Connections[/i] network policy was created giving access to the [i]Windows Groups BUILTIN\Users, BUILTIN\Power Users, and BUILTIN\Administrator groups.[/i] I created three local user accounts on the 2008 Server that belong to the [bUILTIN]Users group of the local machine. Authentication continues to fail when trying any of the three new accounts. I'm not sure where to go from here, do I need another condition? Also, can I use only a single user account to authenticate RADIUS login for multiple clients if the option to supply login credentials other than the client's Windows user account?

npsdz5.jpg

Any ideas on how to get this working?

----------------------------------------------------------

[i]Related Questions about Windows 2008 Server RC Evaluation

- How many times can I activate this an evaluation key (simultaneously) ?

- How long is the evaluation period (90/180/365 days) ?[/i]

Edited by Budious

Share this post


Link to post
Share on other sites

Posted

has the windows users account you are trying to get in with got the Dialin property set to "control by Remote Access policy" (or something like that)?

Share this post


Link to post
Share on other sites

Posted

Yes, I have the radio button option selected for "Control access through NPS Network Policy"

Share this post


Link to post
Share on other sites

Posted

I think the problem is that the server needs a certificate authority of some type installed to be compliant with the authentication schemes. NPS is a replacement for IAS from Server 2000/2003 and can operate with local SAM user accounts and does not require Active Directory; however, it appears I still need to have to a certificate source.

Share this post


Link to post
Share on other sites

Posted

I am having this issue now with freshly rolled out Windows 7 Clients from XP. 

Share this post


Link to post
Share on other sites

Posted

Chuck I can help you out tomorrow. I just set this up so the config is fresh in my mind. Very easy to do.

Share this post


Link to post
Share on other sites

Posted

This thread is from 2007 ;)  So Chuck are you running on a 2008 Release Candidate as well? ;)

 

So your saying these XP clients worked, but now you clean installed them to 7 or upgraded?  I think it would be best if you created your own thread with your specific details.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.