User or computer certificate selection for 802.1x

Brass Contributor

I've set up an NPS, on windows 2019, to be used as Radius server for 802.1x certificate-based autentication.

On NPS I made a connection profile with both Domain Users And Domain Computer so that belonging to one of them should enable to connect to wi-fi, provided that the computer OR the user has a valid Cert.

I found, however, that it seems that the connection only works if "at least" there's the computer certificate.

If a computer has not the certificate but the user does it does not connect.

What is wrong ?



1 Reply

Hi Stefano,

You have to check these configurations:
1. Certificate via a certification authority

2. NPS - Radius Clients
3. NPS - Connection Request Policy: Condition > NAS Port Type: Wireless - IEEE 802.11 OR Wireless - Other
4. NPS - Network Policy: Condition > Windows Groups (users)
5. GPO: Wireless Network Policy with Authentication Mode: User authentication
6. AccessPoints: WPA-2 Enterprise

Logs on the server can be consulted in Event Viewer > Custom Views > Server Roles > Network Policy and Access Services
Logs on clients can be consulted in Event Viewer > Applications and Service Logs > Microsoft > Windows > WLAN-Autoconfig > Operational


Also check my post: