Budious Posted October 20, 2007 Share Posted October 20, 2007 (edited) Alright, I'm to the point where a request for help needs to be made as much as it hurts my pride. I have an evaluation copy of Windows 2008 RC running on VM Server 1.03 at the moment, if I get the virtual machine operating to my requirements I will implement it to a hardware installation. Goal: Enabling WPA2+Enterprise Authentication on Wi-Fi AP through use of NPS (RADIUS) features of Windows 2008 Server Brief Summary of Project Accomplished: Configured NPS through wizard. Assigned connection settings to AP. Assigned connection settings to test client. Login screen appears when connecting to the AP but login attempts fail. Created a local user with matching credientials of the client on the server. Login attempts continue to fail. Problem: Connectivity between Vista wireless client and 2008 Server has been established. 2008 Server's Event Viewer reports Network Policy Server cannot authenticate the user. Specific error message provided below: Event ID: 6273 Reason Code: 65 Reason: The connection attempt failed because network access permission for the user account was denied. To allow network access, enable network access permission for the user account, or, if the user account specifies that access is controlled through the matching network policy, enable network access permission for that network policy. More Details: Current Setup (Software): Server 2008 (fresh install) Network Policy Server role installed via wizard (no other roles or features installed) Vista Business (test client) Current Setup (Hardware/Topology): Linksys WRT54GS Router @ 192.168.1.1 Server on LAN Port 1 @ (static) 192.168.1.120 Clients on LAN Ports 2/3/4 & Wi-Fi AP @ DHCP Range 192.168.1.100-119 Other Comments: I have configured the RADIUS server with generated key and added my RADIUS client (Linksys WRT54GS Router) with the generated key. The RADIUS client (router) is using WPA2+RADIUS for authentication. Followed through the NPS wizard to configure a RADIUS server for Wi-Fi AP. During the configuration a Secure Wireless Connections network policy was created giving access to the Windows Groups BUILTIN\Users, BUILTIN\Power Users, and BUILTIN\Administrator groups. I created three local user accounts on the 2008 Server that belong to the [bUILTIN]Users group of the local machine. Authentication continues to fail when trying any of the three new accounts. I'm not sure where to go from here, do I need another condition? Also, can I use only a single user account to authenticate RADIUS login for multiple clients if the option to supply login credentials other than the client's Windows user account? Any ideas on how to get this working? ---------------------------------------------------------- Related Questions about Windows 2008 Server RC Evaluation - How many times can I activate this an evaluation key (simultaneously) ? - How long is the evaluation period (90/180/365 days) ? Edited October 20, 2007 by Budious Link to comment Share on other sites More sharing options...
bobbba Posted October 20, 2007 Share Posted October 20, 2007 has the windows users account you are trying to get in with got the Dialin property set to "control by Remote Access policy" (or something like that)? Link to comment Share on other sites More sharing options...
Budious Posted October 20, 2007 Author Share Posted October 20, 2007 Yes, I have the radio button option selected for "Control access through NPS Network Policy" Link to comment Share on other sites More sharing options...
Budious Posted October 20, 2007 Author Share Posted October 20, 2007 I think the problem is that the server needs a certificate authority of some type installed to be compliant with the authentication schemes. NPS is a replacement for IAS from Server 2000/2003 and can operate with local SAM user accounts and does not require Active Directory; however, it appears I still need to have to a certificate source. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted March 26, 2014 MVC Share Posted March 26, 2014 I am having this issue now with freshly rolled out Windows 7 Clients from XP. Link to comment Share on other sites More sharing options...
sc302 Veteran Posted March 26, 2014 Veteran Share Posted March 26, 2014 Chuck I can help you out tomorrow. I just set this up so the config is fresh in my mind. Very easy to do. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted March 27, 2014 MVC Share Posted March 27, 2014 This thread is from 2007 ;) So Chuck are you running on a 2008 Release Candidate as well? ;) So your saying these XP clients worked, but now you clean installed them to 7 or upgraded? I think it would be best if you created your own thread with your specific details. Link to comment Share on other sites More sharing options...
Recommended Posts