Solved

Server 2008 R2 Radius / NPS not recognising user name

Posted on 2011-03-20
3
2,040 Views
Last Modified: 2013-12-04
I am trying to configure our Windows 2008 Radius Server to apply a specific settings to a single wireless client. Unfortunately the radius requests are not containing a lot of information to differentiate between clients - the only unique field in the event log is the 'User Name'.

However when I try to set up a new Connection Request Policy to trigger on the 'User name' condition it skips this policy in position 1 and matches against the policy in position 2.

(Event log details)
+ System
- EventData

  SubjectUserSid S-1-0-0
  SubjectUserName SVWwan
  SubjectDomainName -
  FullyQualifiedSubjectUserName -
  SubjectMachineSID S-1-0-0
  SubjectMachineName -
  FullyQualifiedSubjectMachineName -
  MachineInventory -

Although I can see the SubjectUserName  (SVWwan)coming through in the event log I can't get it to match against anything in the User Name condition.
Is the SubjectUserName the same thing as User Name condition in the Connection Request Policies ? Has anyone run into problems with the username condition field or do you know any tricks to use with the pattern-matching syntax that might help?

Thanks in advance
0
Comment
Question by:BigBlake
  • 2
3 Comments
 

Expert Comment

by:PotreroHill
ID: 35218047
I feel you pain. I've been trying to find a comprehensive guide to working with NPS, but typical to MS fashion, there's little, legible, material available.
Take a look at this link, it may have some info that will help, tho it does not target your specific question, it does go spell out configuration steps and helped me understand the various components involved with setting up policies and conditions
http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/

My problem is that (1) the logs indicate my wireless is connecting at 0Mbps on 802.11b - and I'm on 802.11n, and 'report code 23', some ridiculously vague error indicating NPS 'use of EAP".
http://technet.microsoft.com/en-us/library/dd197464%28WS.10%29.aspx

Post your solution when you find it, it will certainly help others.
0
 
LVL 1

Accepted Solution

by:
BigBlake earned 0 total points
ID: 36150391
Well I finally got htis working, although not as I had originally envisaged. I am now able to apply individual settings to connections (Like framed routes etc.) to incoming connections from Telstra's nextG service. At least some of the problems came from the unknown authentication servers used by our carrier which were proxying the authentication information through to us.

I am currently working on my documentation, if anyone else is facing similar issues (Telstra NextG connection on telstra.corp apn) let me know and I can post the detailed steps.
0
 
LVL 1

Author Closing Comment

by:BigBlake
ID: 36171821
I am not 100% happy with the solution - it is partial work around that gives me the functionality we require but with a lowering of security.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now