Channel: Network Access Protection forum
Viewing all 1875 articles

RADIUS accounting


Hello, I have a remote Radius server group configured within NPS to allow RADIUS accounting messages to be sent to these servers. For example my Connection request policy is configured to 'Forward accounting requests to this remote RADIUS server group'.

I want every server within this group to receive all accounting messages i.e. I don't want load balancing at all.

If I simply configure the priority as '1' and the weight as '100' within the RADIUS server load balancing options, will this have the desired effect?


Block Non-Domain Devices from Wireless


Hello. I've been searching for a solution for this problem for days now and I'm not getting anywhere. Several others have run into this issue but I never see a final solution.

I have a wireless network which I want limited to domain computers only. I don't want personal devices connecting to it. Currently I have a policy in NPS that has a condition to allow users from my wireless security group which I added as a Windows Group. I have rolled out the wireless network settings via GPO to all domain computers. This works great. However, users are able to connect from their non-domain devices using their credentials, which I want to prevent from happening.

I have tried adding Domain Computers in the conditions as a Windows Group and Machine Group, neither helps. In fact it blocks all devices from connecting period.

I have also tried changing the authentication mode on my wireless setting on the client side to "computer authentication" and "user or computer authentication". That change didn't help either.

I'm using PEAP. Windows 2008R2. Any help will be appreciated. Thanks.


Asif Shah

RADIUS over the internet?


I would like to configure a Server 2016 NPS deployment to serve RADIUS for WiFi authentication in several offices.  The NPS would be hosted in AWS, as such the only practical way for multiple offices to access it would just be over the public internet.  Can NPS be configured such that this is safe to do?  i.e. only allow PEAP rather than PAP, MSCHAP, etc.?

Thanks

Using NPS with Cisco IP Phones

Has anyone set up the NPS to act as an authentication server for Cisco IP phones? I have never done this before and I'm looking for insight. I am not sure exactly what configs need to be set and also need to make sure that the authentication success response includes the class=voip line.

Phantom log entries - run-away NPS log files (loop?)


This week we started experiencing run-away log files with constant "phantom" (for lack of a better term) log entries. We have 2 NPS servers on individual domains, and I added Connection Request Policy rules to capture foreign domain user information and forward to the appropriate domain's NPS. Ref: https://social.technet.microsoft.com/Forums/en-US/2c4a7aeb-39e6-4efb-898a-77fd1c150da0/nps-proxy-proxy-machine-auth-requests?forum=winserverNAP

Now, there appears to be a situation, perhaps some request that - maybe - has introduced a loop or some other errant behavior on both my NPS servers (there are thousands a second). The constant log entries look like this...

<Event><Timestamp data_type="4">06/13/2019 15:36:01.668</Timestamp><Computer-Name data_type="1">DOMAIN1-DC2</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Acct-Status-Type data_type="0">7</Acct-Status-Type><Acct-Session-Id data_type="1">08ea4490812a-991628665ac0</Acct-Session-Id><Event-Timestamp data_type="4">06/13/2019 15:11:26</Event-Timestamp><Acct-Delay-Time data_type="0">0</Acct-Delay-Time><NAS-IP-Address data_type="3">10.136.110.5</NAS-IP-Address><NAS-Identifier data_type="1">AP-7</NAS-Identifier><Called-Station-Id data_type="1">08-EA-44-90-81-2A:WESTFIELD-Wireless</Called-Station-Id><Client-IP-Address data_type="3">10.98.11.10</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">DOMAIN2-DC2</Client-Friendly-Name><Provider-Type data_type="0">2</Provider-Type><Packet-Type data_type="0">4</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

So, the request has a NAS ID of a valid wireless AP, but the Client is the "other" NPS server (domain2-dc2).  Notice there is no User-Name field ( like <Acct-Authentic data_type="0">1</Acct-Authentic><User-Name data_type="1">b.rubble</User-Name>).  My forward rules are simply user= "domain2\b.rubble" forward to domain2 NPS, & "host/pcname.domain2.org" forward to domain2 NPS - otherwise process the request locally.

So, an incoming request to domain1 NPS either matches the forwarding rules, or is processed locally. Here, it seems some other requests are being passed from domain1 to domain2 NPS where it runs wild (and it also works in reverse, domain2 to domain1).

I can stop this behavior by disabling communication between the NPS servers (via disabling the radius client entry of the other NPS server).  What is also interesting, I ran both servers (with their forwarding functioning) for perhaps 2 hours this morning, before the problem happened.

Stumped, any ideas anyone?
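
Added example, not part of the original post: a Python script that reads log lines in the XML layout quoted above and counts accounting requests with no User-Name that arrived from the other NPS server, grouped by session, so a relay loop shows up as a few keys with very large counts. The function names, the threshold and the sample lines are constructed for illustration; only the field names come from the quoted event.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def make_event(client, session, status, user=None):
    """Build one constructed log line using field names from the quoted event."""
    user_xml = f'<User-Name data_type="1">{user}</User-Name>' if user else ""
    return ('<Event><Computer-Name data_type="1">DOMAIN1-DC2</Computer-Name>'
            f'<Acct-Status-Type data_type="0">{status}</Acct-Status-Type>'
            f'<Acct-Session-Id data_type="1">{session}</Acct-Session-Id>'
            '<NAS-Identifier data_type="1">AP-7</NAS-Identifier>'
            f'{user_xml}'
            f'<Client-Friendly-Name data_type="1">{client}</Client-Friendly-Name>'
            '<Packet-Type data_type="0">4</Packet-Type></Event>')

# Constructed sample: five user-less copies relayed by the peer NPS, one normal
# accounting record straight from the access point, and one truncated line.
SAMPLE_LOG = (
    [make_event("DOMAIN2-DC2", "08ea4490812a-991628665ac0", 7)] * 5
    + [make_event("AP-7", "constructed-session-01", 1, user="b.rubble")]
    + ['<Event><Acct-Status-Type data_type="0">7</Acct-Sta']
)

def parse_events(lines):
    """Yield each well-formed <Event> line as a {field: text} dict."""
    for line in lines:
        try:
            root = ET.fromstring(line.strip())
        except ET.ParseError:
            continue  # blank line, or a line still being written
        yield {child.tag: child.text or "" for child in root}

def relayed_repeats(lines, peer_nps_names, threshold=3):
    """Count user-less Accounting-Requests received from a peer NPS server."""
    counts = Counter()
    for ev in parse_events(lines):
        if ev.get("Packet-Type") != "4":      # RADIUS code 4 = Accounting-Request
            continue
        if ev.get("User-Name"):               # the forwarding rules key on user name
            continue
        if ev.get("Client-Friendly-Name") not in peer_nps_names:
            continue
        counts[(ev["Client-Friendly-Name"], ev.get("NAS-Identifier", ""),
                ev.get("Acct-Session-Id", ""), ev.get("Acct-Status-Type", ""))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for key, n in relayed_repeats(SAMPLE_LOG, {"DOMAIN2-DC2"}).items():
        print(n, key)
```

Run on each server with the other server's friendly name in `peer_nps_names`; the same session key climbing on both sides points at requests bouncing between the two proxies.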

NPS MMC Crash after adding new RADIUS client

Hi,

I'm working on a Windows 2008 SP2 version.
When I try to add a new RADIUS client the MMC snap-in stops working.
I'm also unable to remove old RADIUS clients.

The following error is shown:

Description:
Stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: mmc.exe
Problem Signature 02: 6.0.6002.18005
Problem Signature 03: 49e02760
Problem Signature 04: npsui
Problem Signature 05: 6.0.0.0
Problem Signature 06: 4791ade7
Problem Signature 07: 13a
Problem Signature 08: f8
Problem Signature 09: System.UnauthorizedAccess
OS Version: 6.0.6002.2.2.0.274.10
Locale ID: 1043

Forward Radius Accounting to Firewall from NPS-Server 2012


Hi,

We are configuring RADIUS SSO authentication for Sophos XG Firewall. We have Windows Server 2012 as the NPS server (RADIUS server). For the wireless authentication at the firewall we need to forward accounting information from the RADIUS server to Sophos XG Firewall. How do we forward RADIUS accounting from NPS?

NPS Server Migration


Hi,

I know that we can do the NPS server migration using export and import commands, but I want to know: is there any dependency to run the NPS services on a domain controller?

Please advise if you have faced any issue during the migration so that I can prepare well for that.

Thanks in advance.


Network Policy - Condition


Hi, 

In NPS Server, under policies we have "Network Policies", and in that we are adding groups in "conditions", but there are a few categories in the groups. One is "Windows groups" and another one is "user groups". What is the main difference between these two groups?

Azure MFA on NPS/Radius


I am trying to set up Azure MFA for our Cisco AnyConnect VPN clients following this document: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn

We currently run RADIUS on Windows 2012 R2 for our Wireless Authentication.

After installing the MFA Azure Extension, all of our Wireless users began getting prompted for MFA. All we want is VPN users to get prompted for MFA, not our WiFi users. How can I separate it out so Wireless does not get prompted but Cisco AnyConnect users do get prompted? It seems like an all or nothing. Any help would be appreciated.

NPS on Windows Server 2016 doesn't create any Log files


Hi all,

I have set up an NPS on a Windows 2016 Server. 

My problem is that I don't get any log file output.

The Accounting Settings are all selected and the Log file Directory is "C:\Windows\system32\LogFiles".

The Format is ODBC (Legacy). 

When I check the auditpol I get the following output.

System audit policy 

Category/Subcategory    Setting

Logon/Logoff

Network Policy Server    Success and Failure

Does someone have a solution for this?

Thanks a lot. 


Windows server vpn setup

Routing and Remote Access. Open the console and you will see a red down arrow over the server name. Nothing appears in my case. I want to install a VPN client to the server.

IAS extension dll for using sql server as radius authentication

Hello. I'm searching for information about any .dll or more specifications about the "IAS extension DLL" spoken of at this URL:

http://technet.microsoft.com/en-us/library/cc757302(WS.10).aspx

We need some way to connect the IAS with an MS SQL Server, for the web Citrix (RADIUS).

As I saw, the only way is deploying that dll with the specifications above (there is no free dll on the internet). But I think we are not skilled enough for that task, as we have never worked with RADIUS, nor with EAP or other encryptions. We are "so common" C#NET developers.

Any suggestions?

Thanks.
Paul.

Not sufficient Privilege


Hi,

When I try to register the NAP server in AD it gives the following error to me.
I am logging in as the adatum\administrator account.

Please help.

Thanks

NPS Migration from 2008 R2 to 2019

I have 2 - 2008 R2 servers with only NPS installed on them and I need to migrate them to 2 new 2019 servers.  They service the same clients but are just in 2 different data centers for redundancy.  The only things setup on there are 6 RADIUS clients and 15 network policies.  The IP and DNS names will stay the same.  

My questions are as follows:

1.) Is there a migration guide or checklist for doing this?

2.) I will be creating a new certificate for the new servers as compared to the ones on the old servers going from a local CA certificate to a Digicert certificate.  Will that affect anything?  Any specific settings that need to be the same?

3.) Anything else to beware of?

Setup vpn

What is the difference between setting up a VPN in Windows 10 and setting up a VPN in Windows Server?

Setup vpn windows server 2016

  

I'm having an issue with the setup once I reach "Go to Tools > Routing and Remote Access and right-click on my server name": the server itself is missing, I only see Server Status, and I'm stuck there. I did the whole installation process.


Setup vpn windows server 2016

 i had this is setup once i want to setup vpn 

Windows 2016 NPS either/or pattern matching expressions


Does anyone have or know of any examples how to use either/or pattern matching expressions for NPS in Windows 2016?

I would like to add multiple clients in a single NPS network policy and each client needs to be able to authenticate. 

`x|y` Matches either x or y.

https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-crp-reg-expressions

Thanks.

number of RADIUS Clients are supported by Windows Server 2016 Standard?
