Zylawy
Hello, I hope someone can help me solve this issue I am having with a new RADIUS server. We are trying to authenticate simple usernames and passwords using PAP. This is not for VPN or wireless, this is for a PPPoE authentication request back to our core router (not the end device). The core router then handles the DHCP and provides them the connection to our fiber lines out to the internet.
I have installed NPS on Server 2016 and created a local user as a test account for authentication. I do not want this server to be domain joined. In my case the only condition I need it to check is the username and password.
This article https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc... states that it uses the SAM database by default if it is not domain joined. I've tried NAP as Allow and Control access through NPS Network Policy in the user account. I have also configured my Network Policies to allow access as long as they are in the BUILTIN\Users group, but that policy doesn't apply to the request as it was denied by the connection request policies (which is the default).
When running my test from our Cisco device:
bob#test aaa group RADIUS repair fix legacy
Attempting authentication test to server-group RADIUS using radius
No authoritative response from any server.
On the server I get:
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: repair
Account Domain: RADIUS
Fully Qualified Account Name: RADIUS\repair
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: -
Calling Station Identifier: -
NAS:
NAS IPv4 Address: 192.139.145.191
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Async
NAS Port: -
RADIUS Client:
Client Friendly Name: Bob
Client IP Address: 192.139.145.191
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: RADIUS
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the SQL data store and the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
So at this point I know traffic is passing and it is hitting the RADIUS server (which is good in my opinion). I have checked the username and password, however at this point I am a bit stumped. Is there anything which I may be missing in the Connection Request Policies?
Any help is appreciated.