Hello.
I have a problem with my MS Windows Server 2008 R2 with the Network Policy and Access Services role installed.
All PCs in my network are authorized by this server and everything is fine, but I have a problem with authenticating MFPs and printers (HP and Kyocera).
I created users for the printers and a network policy to assign them to the proper VLAN using PEAP (EAP-MS-CHAP-v2) authentication. After specifying the domain username and password on the printer, I set the port on my switch to authentication mode, but the server told me that there is an error with code 23 - An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors. The same error occurs for all printers in my LAN.
There is a CA server in my network, and the certificate for the NPS server was issued by it. I tried to install the certificate of this CA (and of the NPS server) on the printers, but it made no difference.
In IASSAM.log there are the following messages about authentication attempts:
[5140] 11-04 12:49:39:877: NT-SAM Names handler received request with user identity PRINTERUSER@DOMAINNAME
[5140] 11-04 12:49:39:877: Successfully cracked username.
[5140] 11-04 12:49:39:877: SAM-Account-Name is "DOMAINNAME\PRINTERUSER".
[5140] 11-04 12:49:39:877: Successfully created new RAP Based EAP session for user DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: No AUTHENTICATION extensions, continuing
[5140] 11-04 12:49:39:877: NT-SAM Authentication handler received request for DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: Validating windows user account DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: Sending LDAP search to dc.DOMAINNAME.
[5140] 11-04 12:49:39:877: Successfully validated windows account DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: NT-SAM User Authorization handler received request for DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:877: Using native-mode dial-in parameters.
[5140] 11-04 12:49:39:877: Sending LDAP search to dc.DOMAINNAME.
[5140] 11-04 12:49:39:877: Successfully retrieved per-user attributes.
[5140] 11-04 12:49:39:877: Allowed EAP type: 25
[5140] 11-04 12:49:39:877: Allowed EAP type: 26
[5140] 11-04 12:49:39:877: Succesfully created EAP Host session with session id 1218224
[5140] 11-04 12:49:39:877: Processing output from EAP: action:1
[5140] 11-04 12:49:39:877: Inserting outbound EAP-Message of length 6.
[5140] 11-04 12:49:39:877: Issuing Access-Challenge.
[5140] 11-04 12:49:39:877: No AUTHORIZATION extensions, continuing
[7224] 11-04 12:49:39:924: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[7224] 11-04 12:49:39:924: No AUTHENTICATION extensions, continuing
[7224] 11-04 12:49:39:924: Processing output from EAP: action:1
[7224] 11-04 12:49:39:924: Inserting outbound EAP-Message of length 1462.
[7224] 11-04 12:49:39:924: Issuing Access-Challenge.
[7224] 11-04 12:49:39:924: No AUTHORIZATION extensions, continuing
[5140] 11-04 12:49:39:955: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:955: No AUTHENTICATION extensions, continuing
[5140] 11-04 12:49:39:955: Processing output from EAP: action:1
[5140] 11-04 12:49:39:955: Inserting outbound EAP-Message of length 1325.
[5140] 11-04 12:49:39:955: Issuing Access-Challenge.
[5140] 11-04 12:49:39:955: No AUTHORIZATION extensions, continuing
[7224] 11-04 12:49:39:986: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[7224] 11-04 12:49:39:986: No AUTHENTICATION extensions, continuing
[7224] 11-04 12:49:39:986: Processing output from EAP: action:2
[7224] 11-04 12:49:39:986: Translating attributes returned by EAPHost.
[7224] 11-04 12:49:39:986: EAP authentication failed.
[7224] 11-04 12:49:39:986: No AUTHORIZATION extensions, continuing
[7224] 11-04 12:49:39:986: Inserting outbound EAP-Message of length 4.
Can anybody explain what I need to do so that my printers are authenticated by the NPS server?
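
Added example, not part of the original post: one way to condense an IASSAM.log trace like the one above into a single record per EAP session, so the allowed EAP types, the sizes of the messages the server sent, and the outcome can be read at a glance. The function name, the record fields and the condensed sample are assumptions made for this illustration; the matched strings are the ones that appear in the trace.

```python
import re

# Entry prefix: "[thread] MM-DD HH:MM:SS:mmm: ". Entries may be run together
# on one line, so split on the prefix rather than on newlines.
PREFIX = r"\[(\d+)\] \d\d-\d\d (\d\d:\d\d:\d\d:\d{3}): "
ENTRY = re.compile(PREFIX + r"(.*?)(?=\s*" + PREFIX + r"|\s*$)", re.S)

# Constructed sample: a condensed subset of the entries in the post.
SAMPLE = r"""
[5140] 11-04 12:49:39:877: Allowed EAP type: 25 [5140] 11-04 12:49:39:877: Allowed EAP type: 26
[5140] 11-04 12:49:39:877: Succesfully created EAP Host session with session id 1218224
[5140] 11-04 12:49:39:877: Inserting outbound EAP-Message of length 6.
[7224] 11-04 12:49:39:924: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[7224] 11-04 12:49:39:924: Inserting outbound EAP-Message of length 1462.
[5140] 11-04 12:49:39:955: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[5140] 11-04 12:49:39:955: Inserting outbound EAP-Message of length 1325.
[7224] 11-04 12:49:39:986: Successfully retrieved session (1218224) for user DOMAINNAME\PRINTERUSER
[7224] 11-04 12:49:39:986: EAP authentication failed.
[7224] 11-04 12:49:39:986: Inserting outbound EAP-Message of length 4.
"""

def summarize(trace):
    """Return {session_id: summary} for NPS IASSAM.log trace text."""
    sessions, cur, allowed = {}, {}, {}  # cur and allowed are keyed by thread id
    for tid, stamp, msg in (e.group(1, 2, 3) for e in ENTRY.finditer(trace)):
        if msg.startswith("NT-SAM Names handler received request"):
            cur.pop(tid, None)  # a new request starts on this thread
        elif m := re.match(r"Allowed EAP type: (\d+)", msg):
            # Method numbers are IANA EAP types: 25 = PEAP, 26 = EAP-MSCHAPv2.
            allowed.setdefault(tid, []).append(int(m.group(1)))
        elif m := re.search(r"session id (\d+)|retrieved session \((\d+)\)", msg):
            s = sessions.setdefault(m.group(1) or m.group(2), {
                "allowed": [], "out_len": [], "start": stamp, "result": "incomplete"})
            s["allowed"] += allowed.pop(tid, [])
            s["end"] = stamp
            cur[tid] = s
        elif tid in cur:
            s = cur[tid]
            s["end"] = stamp
            if m := re.search(r"outbound EAP-Message of length (\d+)", msg):
                s["out_len"].append(int(m.group(1)))
            elif msg.startswith("EAP authentication failed"):
                s["result"] = "failed"
    return sessions

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, s)
```

For the trace in the post this yields one session with outbound EAP-Message lengths 6, 1462, 1325 and 4 and the result "failed". A 4-byte EAP packet is header only (code, identifier, length), which is the size of an EAP Success or Failure packet.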