Forum Discussion
mmartin1935
Jan 10, 2024Copper Contributor
Computer/Machine Auth Not Working with NPS
Hello All,
We are moving away from a Cisco RADIUS server and wanting to implement Windows NPS as RADIUS server.
I have configured a Wireless Policy in NPS with the following (*Screenshot attached too):
Conditions Tab:
- NAS Port Type: Wireless - IEEE 802.11
- Machine Groups: AD Security Group containing a couple of Computers for testing
Constraints Tab:
- Authentication Methods:
- Protected EAP (PEAP) - EAP Types = enabled all
- Secured password (EAP-MSCHAP v2)
- All other constraint categories set to default values.
Settings Tab:
- All defaults.
Even though I'm using "Machine Groups" for the condition, it's still prompting for a username and password. So just to see what happens I enter my Domain creds and then it just says Can't connect to this network.
I also created a GPO to configure the SSID. I can see that the test PCs are receiving this GPO policy too. Under Security Settings in the GPO I created a Wireless Network (IEEE 802.11) Policy. In that policy I added the SSID with the following security settings, see attached Screenshot called GPO_Settings. Right now I'm just trying to see if Computer Auth is working so I disabled the checking of the Cert to try and simplify.
We currently have computer auth working through Cisco ISE on another SSID. But, I can't seem to get the Windows NPS working... When the PC tried to connect to this SSID and it prompts for a username and password (*which we don't want) it almost instantly comes back with "Can't connect to this network".
In the NPS log file I can see my last attempt is showing my PC's name under following fields: User-Name, SAM-Account-Name, and Fully-Qualified-User-Name. So it's almost as if it's attempting to do computer auth, I just don't understand the Username/Password prompt.
Am I missing something? Any help would be greatly appreciated!
Thanks in Advance,
Matt
No RepliesBe the first to reply