Solved

Server 2008 R2 Radius / NPS not recognising user name

Posted on 2011-03-20
3
2,088 Views
Last Modified: 2013-12-04
I am trying to configure our Windows 2008 Radius Server to apply a specific settings to a single wireless client. Unfortunately the radius requests are not containing a lot of information to differentiate between clients - the only unique field in the event log is the 'User Name'.

However when I try to set up a new Connection Request Policy to trigger on the 'User name' condition it skips this policy in position 1 and matches against the policy in position 2.

(Event log details)
+ System
- EventData

  SubjectUserSid S-1-0-0
  SubjectUserName SVWwan
  SubjectDomainName -
  FullyQualifiedSubjectUserName -
  SubjectMachineSID S-1-0-0
  SubjectMachineName -
  FullyQualifiedSubjectMachineName -
  MachineInventory -

Although I can see the SubjectUserName  (SVWwan)coming through in the event log I can't get it to match against anything in the User Name condition.
Is the SubjectUserName the same thing as User Name condition in the Connection Request Policies ? Has anyone run into problems with the username condition field or do you know any tricks to use with the pattern-matching syntax that might help?

Thanks in advance
0
Comment
Question by:BigBlake
  • 2
3 Comments
 

Expert Comment

by:PotreroHill
ID: 35218047
I feel you pain. I've been trying to find a comprehensive guide to working with NPS, but typical to MS fashion, there's little, legible, material available.
Take a look at this link, it may have some info that will help, tho it does not target your specific question, it does go spell out configuration steps and helped me understand the various components involved with setting up policies and conditions
http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/

My problem is that (1) the logs indicate my wireless is connecting at 0Mbps on 802.11b - and I'm on 802.11n, and 'report code 23', some ridiculously vague error indicating NPS 'use of EAP".
http://technet.microsoft.com/en-us/library/dd197464%28WS.10%29.aspx

Post your solution when you find it, it will certainly help others.
0
 
LVL 1

Accepted Solution

by:
BigBlake earned 0 total points
ID: 36150391
Well I finally got htis working, although not as I had originally envisaged. I am now able to apply individual settings to connections (Like framed routes etc.) to incoming connections from Telstra's nextG service. At least some of the problems came from the unknown authentication servers used by our carrier which were proxying the authentication information through to us.

I am currently working on my documentation, if anyone else is facing similar issues (Telstra NextG connection on telstra.corp apn) let me know and I can post the detailed steps.
0
 
LVL 1

Author Closing Comment

by:BigBlake
ID: 36171821
I am not 100% happy with the solution - it is partial work around that gives me the functionality we require but with a lowering of security.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Replication 12 71
rds question 5 40
2008 R2 time server is invalid 6 38
Changing logon server question 5 67
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question