Solved

Server 2008 R2 Radius / NPS not recognising user name

Posted on 2011-03-20
3
2,114 Views
Last Modified: 2013-12-04
I am trying to configure our Windows 2008 Radius Server to apply a specific settings to a single wireless client. Unfortunately the radius requests are not containing a lot of information to differentiate between clients - the only unique field in the event log is the 'User Name'.

However when I try to set up a new Connection Request Policy to trigger on the 'User name' condition it skips this policy in position 1 and matches against the policy in position 2.

(Event log details)
+ System
- EventData

  SubjectUserSid S-1-0-0
  SubjectUserName SVWwan
  SubjectDomainName -
  FullyQualifiedSubjectUserName -
  SubjectMachineSID S-1-0-0
  SubjectMachineName -
  FullyQualifiedSubjectMachineName -
  MachineInventory -

Although I can see the SubjectUserName  (SVWwan)coming through in the event log I can't get it to match against anything in the User Name condition.
Is the SubjectUserName the same thing as User Name condition in the Connection Request Policies ? Has anyone run into problems with the username condition field or do you know any tricks to use with the pattern-matching syntax that might help?

Thanks in advance
0
Comment
Question by:BigBlake
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Expert Comment

by:PotreroHill
ID: 35218047
I feel you pain. I've been trying to find a comprehensive guide to working with NPS, but typical to MS fashion, there's little, legible, material available.
Take a look at this link, it may have some info that will help, tho it does not target your specific question, it does go spell out configuration steps and helped me understand the various components involved with setting up policies and conditions
http://araihan.wordpress.com/2009/11/11/windows-server-2008-how-to-configure-network-policy-server-nps-or-radius-server/

My problem is that (1) the logs indicate my wireless is connecting at 0Mbps on 802.11b - and I'm on 802.11n, and 'report code 23', some ridiculously vague error indicating NPS 'use of EAP".
http://technet.microsoft.com/en-us/library/dd197464%28WS.10%29.aspx

Post your solution when you find it, it will certainly help others.
0
 
LVL 1

Accepted Solution

by:
BigBlake earned 0 total points
ID: 36150391
Well I finally got htis working, although not as I had originally envisaged. I am now able to apply individual settings to connections (Like framed routes etc.) to incoming connections from Telstra's nextG service. At least some of the problems came from the unknown authentication servers used by our carrier which were proxying the authentication information through to us.

I am currently working on my documentation, if anyone else is facing similar issues (Telstra NextG connection on telstra.corp apn) let me know and I can post the detailed steps.
0
 
LVL 1

Author Closing Comment

by:BigBlake
ID: 36171821
I am not 100% happy with the solution - it is partial work around that gives me the functionality we require but with a lowering of security.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question