2008 Server - Network Policy Server


Recommended Posts

Alright, I'm to the point where a request for help needs to be made as much as it hurts my pride. I have an evaluation copy of Windows 2008 RC running on VM Server 1.03 at the moment, if I get the virtual machine operating to my requirements I will implement it to a hardware installation.

Goal: Enabling WPA2+Enterprise Authentication on Wi-Fi AP through use of NPS (RADIUS) features of Windows 2008 Server

Brief Summary of Project Accomplished: Configured NPS through wizard. Assigned connection settings to AP. Assigned connection settings to test client. Login screen appears when connecting to the AP but login attempts fail. Created a local user with matching credientials of the client on the server. Login attempts continue to fail.

Problem: Connectivity between Vista wireless client and 2008 Server has been established. 2008 Server's Event Viewer reports Network Policy Server cannot authenticate the user. Specific error message provided below:

Event ID: 6273 Reason Code: 65
Reason: The connection attempt failed because network access permission for the user account was denied. 
To allow network access, enable network access permission for the user account, or, if the user account 
specifies that access is controlled through the matching network policy, enable network access permission 
for that network policy.

More Details:

Current Setup (Software):

Server 2008 (fresh install)

Network Policy Server role installed via wizard (no other roles or features installed)

Vista Business (test client)

Current Setup (Hardware/Topology):

Linksys WRT54GS Router @ 192.168.1.1

Server on LAN Port 1 @ (static) 192.168.1.120

Clients on LAN Ports 2/3/4 & Wi-Fi AP @ DHCP Range 192.168.1.100-119

Other Comments: I have configured the RADIUS server with generated key and added my RADIUS client (Linksys WRT54GS Router) with the generated key. The RADIUS client (router) is using WPA2+RADIUS for authentication. Followed through the NPS wizard to configure a RADIUS server for Wi-Fi AP. During the configuration a Secure Wireless Connections network policy was created giving access to the Windows Groups BUILTIN\Users, BUILTIN\Power Users, and BUILTIN\Administrator groups. I created three local user accounts on the 2008 Server that belong to the [bUILTIN]Users group of the local machine. Authentication continues to fail when trying any of the three new accounts. I'm not sure where to go from here, do I need another condition? Also, can I use only a single user account to authenticate RADIUS login for multiple clients if the option to supply login credentials other than the client's Windows user account?

npsdz5.jpg

Any ideas on how to get this working?

----------------------------------------------------------

Related Questions about Windows 2008 Server RC Evaluation

- How many times can I activate this an evaluation key (simultaneously) ?

- How long is the evaluation period (90/180/365 days) ?

Edited by Budious
Link to comment
Share on other sites

I think the problem is that the server needs a certificate authority of some type installed to be compliant with the authentication schemes. NPS is a replacement for IAS from Server 2000/2003 and can operate with local SAM user accounts and does not require Active Directory; however, it appears I still need to have to a certificate source.

Link to comment
Share on other sites

  • 6 years later...

This thread is from 2007 ;)  So Chuck are you running on a 2008 Release Candidate as well? ;)

 

So your saying these XP clients worked, but now you clean installed them to 7 or upgraded?  I think it would be best if you created your own thread with your specific details.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.