Hello (first of all, sorry for my English;
I have only been speaking it for a short time, and this is only a model for my BTS project).
So, I installed an NPS server and AD CS in order to manage connections to my Wi-Fi access points through my controller, “RUCKUS ZoneDirector”.
The NPS relies on our Active Directory to manage the users.
Under the conditions, it is configured as follows:
In Active Directory, I have my users and my computers in these groups
Then I exported the certificate of my NPS server, which I had to generate with AD CS, and installed it on my Active Directory in order to distribute it with a GPO.
This GPO sends the computers all the information for the hotspot "vdb-radius", the automatic enrollment, and the automatic certificate request.
Before I precisely defined groups under the conditions of my network policies on my NPS, I had to put all the computers of the domain and all the users of the domain just to see if my GPO would work.
It continued to work even after I put the group “groupe_wifi_radius_users”, but when I add my other group “groupe_wifi_radius_pc” it refuses.
It's like I can only put a user group in my NPS policies but it refuses my computer group, even though the computers I try to connect are indeed in this group.
Here is the error message, which I translated from French:
Server NPS refused the access to a user. Contact the administrator of server NPS for more information.
User:
  ID of safety: WIN\rtest
  Name of account: WIN\rtest
  Field of account: WIN
  Name of complete account: win.beauvais.fr/Utilisateur/Wifi_Radius/Ruckus Test
Computer customer:
  ID of safety: NO SID
  Name of account: -
  Name of complete account: -
  Version of the operating system: -
  Identifier of the station called: C4-01-7C-FC-B0-99:vdb-radius
  Identifier of the calling station: C4-85-08-F2-56-7A
Server NAS:
  Address IPv4 of server NAS: 192.168.250.10
  Addresses IPv6 of server NAS: -
  Identifier of server NAS: Standard C4-01-7C-FC-B0-99
  Type of port of server NAS: Without wire - IEEE 802.11
  Port of server NAS: 1
Customer RADIUS:
  Convivial name of the customer: ruckus.beauvais.fr
  Address IP of the customer: 192.168.250.10
Information detailed on the authentification:
  Name of the policy of request for connection: Protected connections without wire
  Name of the policy network: Connections to other accesses servers
  Supplier of authentification: Windows
  Server of authentification: Standard SVR-RADIUS.win.beauvais.fr
  Type of authentification: Standard EAP
  Type EAP: -
  Identifier of the session of the account: -
  Results of journalizing: Information of follow-up was registered in the file local newspaper.
  Code reason: 65
  Reason: The parameter Access authorization network in the properties of the incoming calls of the account of user Active Directory is defined to refuse the access to the user. To modify this parameter To authorize the access or To control of them the access via the policy of remote access, reach the properties of the account of user in Utilisateurs and computers Active Directory, click on the mitre Incoming call, and modify Access authorization network

Apprentice Network Administrator
Division of Telecommunication and Information Systems for the City Hall of Beauvais, France