Computer/Machine Auth Not Working with NPS

Hello All,

We are moving away from a Cisco RADIUS server and want to implement Windows NPS as the RADIUS server.

I have configured a Wireless Policy in NPS with the following (screenshot attached too):

Conditions Tab:

  • NAS Port Type: Wireless - IEEE 802.11
  • Machine Groups: AD Security Group containing a couple of Computers for testing

Constraints Tab:

  • Authentication Methods:
    • Protected EAP (PEAP) - EAP Types = enabled all
    • Secured password (EAP-MSCHAP v2)
    • All other constraint categories set to default values.

Settings Tab:

  • All defaults.

Even though I'm using "Machine Groups" for the condition, it's still prompting for a username and password. So, just to see what happens, I enter my domain creds and then it just says "Can't connect to this network".

I also created a GPO to configure the SSID. I can see that the test PCs are receiving this GPO policy too. Under Security Settings in the GPO I created a Wireless Network (IEEE 802.11) Policy. In that policy I added the SSID with the following security settings; see the attached screenshot called GPO_Settings. Right now I'm just trying to see if Computer Auth is working, so I disabled the checking of the Cert to try and simplify.

We currently have computer auth working through Cisco ISE on another SSID. But I can't seem to get the Windows NPS working... When the PC tries to connect to this SSID and it prompts for a username and password (which we don't want), it almost instantly comes back with "Can't connect to this network".

In the NPS log file I can see my last attempt is showing my PC's name under the following fields: User-Name, SAM-Account-Name, and Fully-Qualified-User-Name. So it's almost as if it's attempting to do computer auth; I just don't understand the username/password prompt.

Am I missing something? Any help would be greatly appreciated!

Thanks in Advance,
Matt

0 Replies
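
Added example, not part of the original post: a PowerShell sketch that pulls the three identity fields named in the post (User-Name, SAM-Account-Name, Fully-Qualified-User-Name) out of an NPS log and shows whether each request carried a computer or a user identity, next to the packet type and reason code. It assumes the log is in DTS-compliant (XML) format; the sample events, the names PC01 and CORP, and the function name Get-NpsIdentitySummary are constructed for illustration.

```powershell
# Added example, not from the original post. Assumes NPS accounting is set to
# the DTS-compliant (XML) log format, with one <Event> element per line.
# Both events below are constructed sample data (PC01 / CORP are made-up names).
$sampleLog = @'
<Event><Timestamp data_type="4">01/15/2024 09:12:01.100</Timestamp><Packet-Type data_type="0">1</Packet-Type><User-Name data_type="1">host/PC01.corp.example</User-Name><SAM-Account-Name data_type="1">CORP\PC01$</SAM-Account-Name><Fully-Qualified-User-Name data_type="1">CORP\PC01$</Fully-Qualified-User-Name><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:12:01.350</Timestamp><Packet-Type data_type="0">3</Packet-Type><User-Name data_type="1">host/PC01.corp.example</User-Name><SAM-Account-Name data_type="1">CORP\PC01$</SAM-Account-Name><Fully-Qualified-User-Name data_type="1">CORP\PC01$</Fully-Qualified-User-Name><Reason-Code data_type="0">16</Reason-Code></Event>
'@

function Get-NpsIdentitySummary {
    param([string[]]$Line)
    # RADIUS packet type codes as written to the Packet-Type field
    $packetNames = @{ '1' = 'Access-Request'; '2' = 'Access-Accept'
                      '3' = 'Access-Reject';  '11' = 'Access-Challenge' }
    $fields = 'Timestamp', 'Packet-Type', 'User-Name', 'SAM-Account-Name',
              'Fully-Qualified-User-Name', 'Reason-Code'
    foreach ($l in $Line) {
        if ([string]::IsNullOrWhiteSpace($l)) { continue }
        # A half-written or non-XML line should not stop the whole run
        try { $evt = ([xml]$l).Event } catch { Write-Warning 'Skipping unparsable line'; continue }
        if (-not $evt) { continue }
        $f = @{}
        foreach ($name in $fields) {
            $node = $evt.SelectSingleNode($name)
            $f[$name] = if ($node) { $node.InnerText } else { $null }
        }
        $type = [string]$f['Packet-Type']
        [pscustomobject]@{
            Timestamp  = $f['Timestamp']
            Packet     = if ($packetNames.ContainsKey($type)) { $packetNames[$type] } else { $type }
            UserName   = $f['User-Name']
            SamAccount = $f['SAM-Account-Name']
            FQUserName = $f['Fully-Qualified-User-Name']
            # Computer accounts end in '$'; machine identities are sent as host/<fqdn>
            IsMachine  = ($f['SAM-Account-Name'] -like '*$') -or ($f['User-Name'] -like 'host/*')
            ReasonCode = $f['Reason-Code']
        }
    }
}

# For a real log, pass (Get-Content <path-to-NPS-log>) instead of the sample
Get-NpsIdentitySummary -Line ($sampleLog -split '\r?\n') | Format-Table -AutoSize
```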