Questions tagged [nps]
Network Policy Server is a Microsoft RADIUS server for Windows Server 2008 and higher.
120 questions
10 votes, 4 answers, 51k views
Authentication via RADIUS : MSCHAPv2 Error 691
I am working on setting up authentication into an Acme Packet Net-Net 3820 (SBC) via RADIUS. The accounting side of things is working just fine with no issues. The authentication side of things is ...
8 votes, 1 answer, 13k views
My GoDaddy! certificate is not trusted by iOS devices but it is trusted by Android and Windows devices
I’ve deployed some Radius servers (Windows Server 2012 R2 with NPS).
They use PEAP-MSCHAP-V2 for authentication with a SAN Go Daddy Certificate. They are deployed in order to handle Wi-Fi connections....
7 votes, 1 answer, 17k views
Third Party Wildcard Certificates for use with Microsoft NPS / RADIUS / PEAP
I want to replace the SSL certificate that is used for PEAP on our NPS server that is doing RADIUS authentication for our Cisco WLCs. The current certificate is a SSL certificate that does Client ...
7 votes, 2 answers, 1k views
Network Policy Server Granular Time Restrictions
I am configuring NPS as a RADIUS authentication source for my wireless clients.
I am trying to differentiate between school hours and after hours as I need to connect certain users to a different ...
7 votes, 1 answer, 4k views
How do I get as much debugging info as possible out of the Network Policy Server (ias) service?
We are trying to authenticate a client on remote vpn, through a Meraki Z1 teleworker appliance. The Z1 is sending a proper request, the Network Policy Server (ias) service is apparently ...
6 votes, 5 answers, 109k views
Cannot connect to a VPN server - authentication failed with error code 691
When trying to connect to a VPN server, I get the 691 error code on the client, which says:
Error Description: 691: The remote connection was denied because the user name and password ...
6 votes, 1 answer, 3k views
Restrict access to RD Gateway based on IP
I'm trying to restrict who can access our RD Gateway based on both their group membership and IP address (so people in group A can only access the system from IP address X). The Network Policy Server ...
5 votes, 1 answer, 7k views
Providing High Availability for NPS
I need to ensure high availability for RADIUS service in Windows Server environment so it can withstand loss or even temporary downtime of any particular server holding NPS role.
Most of technet ...
4 votes, 2 answers, 26k views
Why would NPS suddenly stop authenticating users?
We use a computer running Windows Server 2008 (32-bit) with the RRAS and NPS roles to authenticate users for VPN and wireless access over RADIUS.
This configuration has been working great for more ...
4 votes, 2 answers, 5k views
Remote administer Network Policy Server
In our domain I have a Windows Server 2008 R2 machine "GWY" with the Network Policy and Access Services role installed. From this machine I can open the Network Policy Server management console to ...
4 votes, 2 answers, 3k views
Control which certificate an NPS network policy selects when the certificate is auto-renewed
I have multiple NPS network policies using Microsoft PEAP with a self-signed certificate. When our internal CA automatically renews the certificate, all of the network policies switch to another (it ...
4 votes, 4 answers, 924 views
How to prevent a user from being able to plug an XP machine into the network
We recently had an issue where a user brought their laptop in from home and plugged it into the network, attempting to get internet access. I know on a port level I could setup MAC restrictions, but ...
4 votes, 3 answers, 1k views
SuperMicro IPMI using Windows-based RADIUS (NPS)
I'm struggling to use a Windows-based RADIUS setup (Network Policy Server) with SuperMicro IPMI interfaces.
I've found that I need to add vendor-specific attribute H=4, I=4 (Appendix C in the ...
3 votes, 2 answers, 5k views
What are the risks of adding third-party Root CA certificate into NTAuth Store?
What are the risks associated with import of third-party Root CA certificate into the Enterprise NTAuth Store in Windows domain except that the CA is then trusted to issue certificates?
This is for ...
3 votes, 1 answer, 769 views
Is a Windows Server CAL needed for IEEE 802.1x MAC authentication bypass?
We want to deploy IEEE 802.1X port-based authentication for specific devices by means of MAC authentication bypass. For this, we must enter the MAC address of the device as username and password in ...
3 votes, 3 answers, 8k views
strongswan IKEv2 VPN + RADIUS authentication with NPS in Active Directory domain
I've managed to get strongswan running with eap-mschapv2 authentication using a server certificate. Now I want to try and use the eap-radius plugin with NPS running on a Windows 2012 R2 server to ...
3 votes, 1 answer, 10k views
Missing roles in Windows Server 2016
I'm trying to install the NPS role on Windows Server 2016 (Datacenter) but neither Server Manager nor Install-WindowsFeature seem to be aware of its existence:
PS > Install-WindowsFeature NPAS -...
3 votes, 1 answer, 3k views
Microsoft NPS 2012 R2 - Can't perform authentication from Cisco ASA with PAP
I am trying to setup a Cisco ASA (version 9.1(7)6) to authenticate against a Microsoft Network Policy Server 2012 R2.
The ASA is able to communicate with the NPS server, however the test aaa-server ...
3 votes, 1 answer, 2k views
Registration or Guest VLAN for 802.1x via Microsoft NPS
I am currently working on a Microsoft NPS solution to provide 802.1x MAC authentication for wired and wireless clients along with providing a VLAN for the clients to be moved to.
It currently works ...
3 votes, 0 answers, 3k views
Cisco SG300 switch does not send RADIUS messages to server for 802.1x
I want to eventually configure the SG300 to authenticate wired clients with 802.1x and Microsoft NPS (RADIUS). I am currently testing this setup using a single port (Port 7) on my SG300, a test ...
2 votes, 2 answers, 9k views
NPS - RADIUS - Active Directory Authentication
Is it possible to use NPS RADIUS as an intermediary between an application that only supports RADIUS authentication and an active directory server which is used for authentication across the network?
...
2 votes, 2 answers, 10k views
Problem with network policy rule in Network Policy Server
Trying to configure RADIUS for a college network, and have run into the following frustration:
I can't set an "AND" condition for group membership of authenticated objects in the network policy rules,...
2 votes, 1 answer, 12k views
NPS/RADIUS authentication across one-way trust
I'm trying to set up Windows Network Policy Server to allow RADIUS authentication in a multiple forest scenario with one-way trusts. We have several domains (each in a single domain-forest) containing ...
2 votes, 1 answer, 2k views
EAP-TLS for Wireless with Active Directory
My question is more from a conceptual point of view, rather than implementation (even though I'm asking about proprietary protocols and products).
Assuming I have users and credentials set up in my ...
2 votes, 1 answer, 14k views
How to integrate Windows Server 2008 R2's NPS with Cisco switches?
I need to evaluate in a lab environment the use of Windows Server 2008 R2's NPS for 802.1x authentication with Cisco Catalyst 3750 switches; the general idea is to only let clients connect to the ...
2 votes, 2 answers, 4k views
Monitoring a service that runs as svchost with nagios
What was IAS in Server 03 is now Network Policy Server (NPS) in Server 08. I was able to monitor the service in 03, but have been unsuccessful in figuring out how to in 08. The path to executable ...
2 votes, 1 answer, 6k views
Radius connection with Windows 7 computers
I have many Ubiquiti Unifi APs connected to a Windows Server 2012 NPS radius server.
I configured security policies to let domain users connect to the local network.
I'm having some trouble with ...
2 votes, 1 answer, 1k views
Configure VPN on ASA to log accounting via NPS
Currently we have VPN setup on an ASA 5510. I have it set to use NPS for RADIUS authentication, but I've never really configured much as far as accounting. I'm wanting to set this up to be able to ...
2 votes, 1 answer, 163 views
Issue with Powershell script not filtering by date
I've put together this powershell function to basically pull events from the NPS log (Specifically denied authentication attempts) from the last point the script was run (the $date variable), sort out ...
2 votes, 2 answers, 2k views
How do I use a domain account to connect to a MSSQL server for NPS accounting?
I'm trying to connect a Server 2008 R2 NPS to a MSSQL server for logging accounting data and I'm running into issues.
I configured NPS Accounting through the "Configure Accounting" wizard and, using ...
2 votes, 1 answer, 2k views
Using Windows NPS for Cisco router aaa authentication - is this safe?
I set up RADIUS authentication on a Cisco router and pointed it to a Windows NPS. Now I can ssh into the router with my AD account, YAY.
But now that I got it working I'm going over the settings to ...
2 votes, 1 answer, 2k views
Setting up NPS with a certificate that is valid to both AD and non-AD machines
I'm trying to setup an AD server running the NPS service so that both AD and non-AD machines see the certificate as valid when authenticating to the wireless network. I picked up a cert from GoDaddy ...
2 votes, 1 answer, 411 views
howto restrict active directory account for PEAP/non-CIFS only
We have some voip phones that we want to integrate into our PEAP WiFi network, and I'm concerned about just creating a standard AD account and using that. If someone got hold of such long-term account ...
2 votes, 1 answer, 16k views
MS NPS denying access, can't validate server certificate
At my office we use a Cisco WLC2504 wireless controller and starting about a week ago we started having problems with users connecting to one of our secure wireless networks. We are running AD on ...
2 votes, 1 answer, 244 views
How to use different network policies for administrative logins and wireless users?
I'm using a RADIUS server (NPS on Windows 2008 R2) to centrally manage authentication for a bunch of Cisco devices, including switches and wireless access points; I'm currently using RADIUS to ...
2 votes, 1 answer, 3k views
Connect to a Windows Server 2008R2 using php, ldap, tls fails if server has NPS service
Servers:
DALCON2 (Windows 2008R2, DC, NPS)
DALCON3 (Windows 2008R2, DC)
DALCON-WWW (Ubuntu server)
Goal:
From DALCON-WWW, using adLDAP with TLS to connect to a domain controller LDAP service
If I ...
2 votes, 1 answer, 10k views
Still suffering from Windows NPS May 2022 Certificate Update
In May 2022 Microsoft changed the way that client certificates are mapped to AD accounts, causing 802.1X EAP-TLS computer account authentication to stop working.
Here is an additional resource with ...
2 votes, 0 answers, 22 views
NPS policy for external firm?
Can NPS be used in the following scenario:
We (FIRM-A) are sharing some office space with another firm (FIRM-B). We would like their laptops to connect to our "Internet Only" SSID. Those ...
2 votes, 0 answers, 561 views
Network Policy Server rule does not match users from trusted domain when in a nested group
TL;DR: Just look at the image linked below.
User group membership diagram
We have an RD Gateway and Network Policy Server, both running on Windows Server 2012 R2 in an environment with forest ...
2 votes, 2 answers, 27k views
No NPS (Network Policy Server) Event Logs
Running into something very painful. We use Microsoft's Network Policy Server, and need the Network Policy Server security event subcategory to work - specifically, event id 6273 and 6272. NPS works,...
2 votes, 0 answers, 387 views
802.1x WiFi computer (cert) auth against 2008 R2 or 2012 R2 NPS succeeds, fails against 2016 NPS
We have a Meraki wireless infrastructure using 802.1x to authenticate Windows clients against MS Network Policy Server using certificates issued by our internal root CA. The root cert and wireless ...
2 votes, 0 answers, 5k views
Windows Server 2012R2 RADIUS (wifi) clients won't accept bought wildcard certificate
I've been managing the NPS Server for a while and thought it was time to treat it to a valid SSL certificate.
The setup
I bought a wildcard SSL certificate from comodo, compiled it to an .pfx ...
2 votes, 1 answer, 8k views
Cisco Voice VLAN with 802.1X Authentication
I've got a Cisco Catalyst 2960 that I'm trying to configure for a remote office with 802.1X wired authentication.
The setup I'm going for is Switch -> VoIP Phone via Internal Switch -> PC/...
2 votes, 0 answers, 903 views
NPS RADIUS authentication fails due to user account
We're in the process of migrating our wireless network, adding in 802.11x-based RADIUS authentication. The set up is as follows:
Client connects to router01
Client authenticates through RADIUS on a ...
2 votes, 0 answers, 1k views
£ sign in password fails Windows NPS Radius authentication against Sonicwall SRA
We have a Sonicwall SRA server configured to authenticate users using RADIUS to a Windows NPS Server running on Windows Server 2012 R2.
It all works fine EXCEPT when passwords contain the "£"...
2 votes, 0 answers, 382 views
Macs to work on 802.1X wired network
We are in the process on 802.1X for all our wired clients. We are using NPS on Server 2008R2 as our Radius server. All our windows clients authenticate using just a computer certificate issued by our ...
2 votes, 1 answer, 2k views
network policy + WPA enterprise (tkip) Windows 2008 R2 [closed]
Hi, I've attempted the following guide and am in a bit of a pickle.
http://techblog.mirabito.net.au/?p=87
My main goal is to have a username / password based wireless authentication with active directory ...
1 vote, 1 answer, 3k views
Is it possible to host a RADIUS server on Windows 7 [closed]
Is it possible to host a RADIUS server on Windows 7?
I am trying to use this as an authenticating server for my routers. A third-party application is fine, however maybe if it's possible it can use ...
1 vote, 2 answers, 3k views
How to "segregate" non-domain DHCP clients with Windows 2012 R2?
I am searching for a way to prevent network access to devices not belonging to our corporate Active Directory domain.
Some people connect their personal laptops to our corporate network, and some of them ...
1 vote, 1 answer, 659 views
802.1x Wifi with Disabled AD Account
I have setup an NPS Server (Windows Server 2016) which uses RADIUS to allow my users to authenticate against AD for their Wireless Connections.
When I disable an account in AD, NPS will not allow the ...