Forum Discussion

StefanoC66's avatar
StefanoC66
Iron Contributor
Jun 26, 2023

User or computer certificate selection for 802.1x

I've set up an NPS, on windows 2019, to be used as Radius server for 802.1x certificate-based autentication.

On NPS I made a connection profile with both Domain Users And Domain Computer so that belonging to one of them should enable to connect to wi-fi, provided that the computer OR the user has a valid Cert.

I found, however, that it seems that the connection only works if "at least" there's the computer certificate.

If a computer has not the certificate but the user does it does not connect.

What is wrong ?

thanks

 

Networking
nps
security

1 Reply

Sort By
  • MathieuVandenHautte's avatar
    MathieuVandenHautte
    Steel Contributor
    Jun 27, 2023

    Hi Stefano,

    You have to check these configurations:
    1. Certificate via a certification authority

    2. NPS - Radius Clients
    3. NPS - Connection Request Policy: Condition > NAS Port Type: Wireless - IEEE 802.11 OR Wireless - Other
    4. NPS - Network Policy: Condition > Windows Groups (users)
    5. GPO: Wireless Network Policy with Authentication Mode: User authentication
    6. AccessPoints: WPA-2 Enterprise


    Troubleshooting:
    Logs on the server can be consulted in Event Viewer > Custom Views > Server Roles > Network Policy and Access Services
    Logs on clients can be consulted in Event Viewer > Applications and Service Logs > Microsoft > Windows > WLAN-Autoconfig > Operational

     

    Also check my post:

    https://techcommunity.microsoft.com/t5/windows-10/windows-server-2019-nps-radius-no-event-viewer-logs-solution/m-p/3789866

Resources