Hi everyone,
We are using Windows NPS as a RADIUS server for the corporate wireless network. Only the AD groups defined in the NPS policy (i.e. DOMAIN\WIFIGRP) are allowed to authenticate. We configured the MaxDenials and ResetTime registry entries using values that are roughly half of what is defined in AD's account lockout policy.
The problem is, when we deliberately enter wrong passwords for a member of DOMAIN\WIFIGRP, NPS's remote lockout policy does not seem to 'intercept' those requests and AD's badPwdCount gets incremented instead, which is precisely what we are trying to avoid.
Any ideas?
Thanks in advance.
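
A check for the setup described in the post, added here as an example and not part of the original post: it reads the MaxDenials and ResetTime values the NPS server actually has loaded in its registry, puts them next to the AD lockout policy, and lists the accounts NPS is currently tracking. It assumes the standard remote access account lockout key, that the default domain policy (not a fine-grained password policy) applies to the test account, and that the ActiveDirectory module is installed.

```powershell
# Added example: run on the NPS server in an elevated PowerShell session.
# Assumption: the ActiveDirectory (RSAT) module is available on this server.
Import-Module ActiveDirectory

# Standard location of the remote access account lockout settings.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout'
if (-not (Test-Path $key)) { throw "Registry key not found: $key" }

$nps        = Get-ItemProperty -Path $key
$maxDenials = [int]$nps.MaxDenials   # 0 (or missing) means the feature is disabled
$resetMin   = [int]$nps.ResetTime    # stored in minutes

# Assumption: the default domain policy governs the account under test.
$ad          = Get-ADDefaultDomainPasswordPolicy
$adThreshold = $ad.LockoutThreshold
$adWindowMin = [int]$ad.LockoutObservationWindow.TotalMinutes

[pscustomobject]@{
    NpsMaxDenials      = $maxDenials
    NpsResetTimeMin    = $resetMin
    AdLockoutThreshold = $adThreshold
    AdObservationMin   = $adWindowMin
} | Format-List

if ($maxDenials -eq 0) {
    Write-Warning 'MaxDenials is 0 or missing: remote access account lockout is disabled.'
}
elseif ($adThreshold -gt 0 -and $maxDenials -ge $adThreshold) {
    Write-Warning 'MaxDenials is not lower than the AD threshold: AD would lock the account first.'
}

# NPS is documented to create a "domain:user" subkey for each account whose
# denied attempts it is counting. No subkeys after a series of failed logons
# suggests those attempts are not being counted by this feature.
$tracked = Get-ChildItem -Path $key
if ($tracked) {
    $tracked | Select-Object -ExpandProperty PSChildName
} else {
    Write-Output 'No accounts are currently tracked under AccountLockout.'
}
```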