RamachandranKrishnakumar-6682 asked CandyLuo-MSFT commented

I created an NPS policy and an AD DL to allow those users to connect to a Cisco switch, and it is not working as expected.

At the RADIUS server end.

The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.


Cisco switch end.

Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.


Just checking in to see if the information provided was helpful. Please try to mark the replies which help you. It will encourage the person who helps you.
Appreciate your understanding. :)


You could accept the useful reply as the answer if you want to close this thread.
If there is anything else we can do for you, please feel free to post in the forum.

CandyLuo-MSFT answered

Hi @RamachandranKrishnakumar-6682,

Please check the authentication methods in NPS and make sure you have checked Unencrypted authentication (PAP, SPAP).


Then check if authentication can work.

Best Regards,
Candy



CandyLuo-MSFT answered

Hi,

Before going further, I would appreciate your help in clarifying the following situations:

1. Have you set Network Access Permission to Control access through NPS Network Policy in the account properties?


2. If setting Control access through NPS Network Policy still doesn't work, please check Ignore user account dial-in properties in NPS and check the results again.


If the above steps still don't work, please check the NPS log and post the exact deny message.

Best Regards,
Candy



RamachandranKrishnakumar-6682 answered


@CandyLuo-MSFT

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: TPICOMP\r.krishna
Account Name: r.krishna
Account Domain: TPICOMP
Fully Qualified Account Name: TPICOMP\r.krishna

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: -
Calling Station Identifier: -

NAS:
NAS IPv4 Address: 10.149.0.26
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Async
NAS Port: -

RADIUS Client:
Client Friendly Name: IND AP (up to 10.149.0.254)
Client IP Address: 10.149.0.26

Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: IND_SWITCHES
Authentication Provider: Windows
Authentication Server: AZS-16-Radius.tpicomp.com
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.

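The checks discussed in this thread can be scripted when many NPS denials need sorting. The following is an added example, not part of any post above and not Microsoft's code: it parses the text of a denied-access event and maps it to the fixes the replies suggest. The sample event is constructed from the fields quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the fields from the denied-access event quoted above.
SAMPLE_EVENT = """\
Network Policy Server denied access to a user.
User:
Account Name: r.krishna
NAS:
NAS IPv4 Address: 10.149.0.26
NAS Port-Type: Async
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: IND_SWITCHES
Authentication Type: PAP
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
"""

# NPS itself labels these methods "Unencrypted authentication (PAP, SPAP)".
UNENCRYPTED_METHODS = {"PAP", "SPAP"}
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9 \-]+?):[ \t]*(.*)$")

def parse_nps_event(text):
    """Return {field name: value} for every 'Name: value' line; '-' becomes None."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2):  # skip section headers such as 'NAS:'
            value = m.group(2).strip()
            fields.setdefault(m.group(1).strip(), None if value == "-" else value)
    return fields

def triage(fields):
    """Turn one parsed denial into the checks this thread walks through."""
    policy = fields.get("Network Policy Name")
    method = fields.get("Authentication Type")
    notes = []
    if fields.get("Reason Code") == "66":
        notes.append(f"Enable {method} under Authentication Methods in network policy "
                     f"{policy!r}, or change the method the switch sends.")
    if "dial-in properties" in (fields.get("Reason") or ""):
        notes.append("Set Network Access Permission to 'Control access through NPS Network "
                     "Policy' or tick 'Ignore user account dial-in properties'.")
    if method in UNENCRYPTED_METHODS:
        notes.append(f"{method} is an unencrypted method: keep {policy!r} limited to the "
                     "switch RADIUS clients and the intended AD group.")
    return notes
```

Where a field such as Account Name appears in more than one section of the event, the parser keeps the first occurrence, which is the one under User.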