Active Directory NPS wireless connection not working

2k views Asked by At

I've recently setup a NPS server on my Domain Controller for testing.

I created the radius client and defined policies. Also configured the access point to talk to the radius server.

The problem is everytime I try to login to the wifi it says "connecting.." and then goes back to show "saved" on the wifi status.

Here's the log:

 <Event><Timestamp data_type="4">01/10/2018 16:32:59.280</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">testuser</User-Name><Called-Station-Id data_type="1">9C-3D-CF-6F-59-FA:NETGEAR39-5G</Called-Station-Id><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">7C-5C-F8-3B-8F-53</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54Mbps 802.11a</Connect-Info><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 30</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.280</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 30</Class><Session-Timeout data_type="0">60</Session-Timeout><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.296</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Called-Station-Id data_type="1">9C-3D-CF-6F-59-FA:NETGEAR39-5G</Called-Station-Id><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">7C-5C-F8-3B-8F-53</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54Mbps 802.11a</Connect-Info><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><User-Name data_type="1">testuser</User-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 31</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.296</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 31</Class><Session-Timeout data_type="0">30</Session-Timeout><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.311</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Called-Station-Id data_type="1">9C-3D-CF-6F-59-FA:NETGEAR39-5G</Called-Station-Id><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">7C-5C-F8-3B-8F-53</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54Mbps 802.11a</Connect-Info><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><User-Name data_type="1">testuser</User-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 32</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.311</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 32</Class><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

I've also tried changing the wireless access point to be sure, but same result.

Any ideas?

1

There are 1 answers

0
Production PhotoStudio On

I solved this problem.

Apparently, the server was authenticating the users fine but wasn't able to authenticate itself to the radius client.

We need to add different new certificate to the NPS server.

So In the NPS management console, Policies --> Network Policies --> (Select your policy) --> Constraints --> Authentication Methods --> Select Microsoft: Protected EAP (PEAP) in the EAP Types box --> Edit and change the certificate issued to to the last option. -->OK --> Apply.