• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2228
  • Last Modified:

Server 2008 R2 Radius / NPS not recognising user name

I am trying to configure our Windows 2008 Radius Server to apply a specific settings to a single wireless client. Unfortunately the radius requests are not containing a lot of information to differentiate between clients - the only unique field in the event log is the 'User Name'.

However when I try to set up a new Connection Request Policy to trigger on the 'User name' condition it skips this policy in position 1 and matches against the policy in position 2.

(Event log details)
+ System
- EventData

  SubjectUserSid S-1-0-0
  SubjectUserName SVWwan
  SubjectDomainName -
  FullyQualifiedSubjectUserName -
  SubjectMachineSID S-1-0-0
  SubjectMachineName -
  FullyQualifiedSubjectMachineName -
  MachineInventory -

Although I can see the SubjectUserName  (SVWwan)coming through in the event log I can't get it to match against anything in the User Name condition.
Is the SubjectUserName the same thing as User Name condition in the Connection Request Policies ? Has anyone run into problems with the username condition field or do you know any tricks to use with the pattern-matching syntax that might help?

Thanks in advance
  • 2
1 Solution
I feel you pain. I've been trying to find a comprehensive guide to working with NPS, but typical to MS fashion, there's little, legible, material available.
Take a look at this link, it may have some info that will help, tho it does not target your specific question, it does go spell out configuration steps and helped me understand the various components involved with setting up policies and conditions

My problem is that (1) the logs indicate my wireless is connecting at 0Mbps on 802.11b - and I'm on 802.11n, and 'report code 23', some ridiculously vague error indicating NPS 'use of EAP".

Post your solution when you find it, it will certainly help others.
BigBlakeAuthor Commented:
Well I finally got htis working, although not as I had originally envisaged. I am now able to apply individual settings to connections (Like framed routes etc.) to incoming connections from Telstra's nextG service. At least some of the problems came from the unknown authentication servers used by our carrier which were proxying the authentication information through to us.

I am currently working on my documentation, if anyone else is facing similar issues (Telstra NextG connection on telstra.corp apn) let me know and I can post the detailed steps.
BigBlakeAuthor Commented:
I am not 100% happy with the solution - it is partial work around that gives me the functionality we require but with a lowering of security.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now