Aldo Barani asked:

RADIUS connection to Win Server 2016

I had this question after viewing RADIUS Authentication Problem in Windows Server 2016.

Same issue; I am trying to connect handheld devices for internet access. Struggling for a week with no success. Have gone through all the steps, installed certificate, etc.
Always receiving an Authentication problem.
I checked the event logs and could not find anything relevant, maybe I am looking in the wrong place? Nothing RADIUS related.
Please help if you can.
Thanks.
Cliff Galiher

In the default configuration, event logs are created when NPS handles a RADIUS request, success or fail.

If you aren't seeing logs then you might not be looking closely enough. Or the default event log settings were changed. Or the radius client is not configured to point to the right server/port.

It's going to be one of those things.
Are you using EAP or PEAP authentication for the session on the phones? EAP requires device and user certificates for each phone and those have to be distributed.
Aldo Barani

ASKER

I'm using PEAP; I have been using a 3rd party RADIUS server for years, however the plan is to migrate all domain users to the Windows based RADIUS and use the 3rd party for IoS clients and guest users; however, after struggling for 1 week with no results in sight that does not seem likely to happen. Something is wrong, but I cannot find what since there is no log to shed some light on the authentication problem. The 3rd party RADIUS allows flawless access to the users registered on the AD.
I have a RADIUS configured in the NPS, and also defined Connection Request policy and Network policy for the wireless connections.
Cliff, thanks for the suggestion.
I'm not an IT practitioner, even though I do IT work, and my knowledge is limited.
I cannot find any event related to RADIUS authentication, maybe there is none; I've never used the Event Viewer before and my queries are rejected, either for too many records or for some other reason. But perusing through the events I cannot find anything relevant. If you can direct me how to look for user authentication failure through the RADIUS client requests, I will do it.
Hiring some consultant is out of the question, it will take hours just to understand what's going on and I do not have a budget for that. So I will have to fix it myself or drop it and move on.
To the best of my knowledge, all configurations are right but it won't connect.
ASKER CERTIFIED SOLUTION
Cliff Galiher

This solution is only available to members.
I just could not drop it... Anyway, it works now! The configuration was fine, the certificate in the right store; by chance I discovered that when the 3rd party RADIUS server is switched off, the AD users could connect through the NPS RADIUS client; switch the external RADIUS on, and all AD users are disconnected and could not reconnect until the external RAD is off again. However, the 3rd party RADIUS users are not affected.
The two RADIUS servers run on different computers and obviously have different IPs; they are both set up in the Cisco controller, with different secrets. The clients connected through the 3rd party RAD are not domain users.
I can't identify the cause from the event logs.
Any ideas what could cause this condition?
Thanks.
If the client is talking to the 3rd party RADIUS server and that server is responding that the user doesn't exist, the client has no reason to fall back to another server. That's 100% a client configuration issue, not an NPS problem.
Makes sense, however it works just one way since the 3rd party radius takes precedence; so I will have to check the configuration.
Thanks
You were correct, it is documented by Cisco.
Thanks.
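
The behaviour diagnosed in this thread, as an added example that is not part of the original posts: a small model of a RADIUS client (the wireless controller) that treats an Access-Reject as a final answer and only moves to the next server when a server does not reply. The server names, user names and the server order (third-party first, NPS second) are assumptions for illustration, and the class and function names are hypothetical.

```python
# Constructed model of RADIUS client failover; every name and user here is an
# assumption for illustration, not taken from the thread's actual configuration.
from dataclasses import dataclass, field

ACCEPT, REJECT = "Access-Accept", "Access-Reject"


@dataclass
class RadiusServer:
    name: str
    users: set
    online: bool = True

    def authenticate(self, user):
        """Return a reply, or None to model a timeout (server unreachable)."""
        if not self.online:
            return None
        return ACCEPT if user in self.users else REJECT


@dataclass
class RadiusClient:
    servers: list  # tried in priority order
    log: list = field(default_factory=list)

    def authenticate(self, user):
        for server in self.servers:
            reply = server.authenticate(user)
            if reply is None:
                # Only a missing reply triggers failover to the next server.
                self.log.append(f"{user}: {server.name} timed out, trying next")
                continue
            # Accept or Reject is definitive; later servers are never asked.
            self.log.append(f"{user}: {server.name} answered {reply}")
            return reply, server.name
        return None, None  # no server reachable


def build_lab():
    """Third-party server knows only guests; NPS knows only domain users."""
    third_party = RadiusServer("third-party", {"guest01"})
    nps = RadiusServer("nps", {"CORP\\alice"})
    return third_party, nps, RadiusClient([third_party, nps])


if __name__ == "__main__":
    third_party, nps, nas = build_lab()
    nas.authenticate("CORP\\alice")   # third-party rejects; NPS is never asked
    third_party.online = False
    nas.authenticate("CORP\\alice")   # timeout, then NPS accepts
    print("\n".join(nas.log))
```

In this model the domain user can only reach NPS while the first server is offline, which is why the fix belongs in how the controller assigns servers to each WLAN or user group rather than in NPS.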