Hello - hope someone can explain this to me. This is a general question about NPS and RADIUS, and I think I am simply missing something obvious. I have set a Windows 2012 R2 server up as a domain controller, a CA and a RADIUS server authenticating connection requests using NPS. The setup is pretty simple. Clients connect via wireless and an Aruba Networks controller and establish a VPN. The Aruba controller passes off the authentication requests to the 2012 RADIUS server. The clients use certificates to authenticate, mapped to AD accounts.
We generate certs on the Windows CA.
We create an AD user and use name mappings to map the cert to the user.
We install the certificate, private key and root cert on the client machine and use the client cert to authenticate the client when it tries to establish the VPN tunnel.
OK, so far so good, and this is all working. However, the request then came in to connect Android clients, and I can't seem to get the Android clients to work. When they connect I can see an IAS_Success message on the RADIUS server, but the connection is never established and the tunnel is not formed. I never get a full network access granted event in the event log either.
OK - so I set up a Windows machine and an Android machine in an identical setup and I even used the same Certificate (which was generated independently and imported with the private key and root as a pfx file) to make sure the test was identical. Windows connects and Android doesn't.
Now I understand the common name on the cert has to match the AD user the certificate is mapped to on the NPS side, but that's it, isn't it? What am I missing???
If anyone can help point out the obvious to me I would be very grateful.
Thank you
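The "name mappings" step above writes an explicit certificate mapping into the account's altSecurityIdentities attribute. As an added example (not from the original post or from Microsoft), the PowerShell below builds that mapping string from a certificate file and verifies the points a troubleshooter would check first; the file path C:\certs\user01.cer and the account name user01 are placeholders.

```powershell
# Added example, not part of the original post. Requires the ActiveDirectory module.
# Placeholders: certificate file and the AD account it should be mapped to.
$certPath       = 'C:\certs\user01.cer'
$samAccountName = 'user01'

# Load the public certificate; the private key is not needed for the mapping.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

# altSecurityIdentities expects issuer and subject DNs in the reverse order from how
# .NET prints them ("CN=user01, DC=corp, DC=example" -> "DC=example,DC=corp,CN=user01").
# Assumption: no escaped commas inside DN components.
function ConvertTo-MappingDn([string]$dn) {
    $parts = $dn -split ',\s*'
    [array]::Reverse($parts)
    return ($parts -join ',')
}

$mapping = 'X509:<I>{0}<S>{1}' -f (ConvertTo-MappingDn $cert.Issuer), (ConvertTo-MappingDn $cert.Subject)
Write-Host "Mapping to write: $mapping"

# Write the mapping onto the account and read it back to confirm it landed.
Set-ADUser -Identity $samAccountName -Add @{ altSecurityIdentities = $mapping }
$user = Get-ADUser -Identity $samAccountName -Properties altSecurityIdentities
$user.altSecurityIdentities

# Checks that commonly explain a RADIUS "success" with no usable session:
# the certificate must be in its validity window and carry the Client Authentication EKU.
if ($cert.NotAfter -lt (Get-Date) -or $cert.NotBefore -gt (Get-Date)) {
    Write-Warning 'Certificate is outside its validity period.'
}
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if (-not $eku -or -not ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.2')) {
    Write-Warning 'Client Authentication EKU (1.3.6.1.5.5.7.3.2) is missing.'
}
```

Compare the mapping string with the certificate the Android device actually presents; if a different cert (or a cert whose chain the device omits) is sent, the mapping lookup cannot succeed even when the RADIUS exchange itself completes.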