KZMuser asked:

Is there a way to set the NPS server to connect to a specific LDAP server (DC)?

Hi, all

I have a problem with NPS authentication for 802.1x PEAP-MS-CHAPv2 (machine authentication only).

We have 3 sites (SiteA, SiteB, SiteC) in a domain environment.

When a PC joins the domain, the computer object is created on the SiteA DC.

When a joined PC tries to connect to the wireless SSID (802.1x PEAP-MS-CHAPv2 machine authentication),

(The NPS server does not have the DC role installed; it is just a member server.)

the NPS log says an LDAP connection was made to the SiteB DC and that the specific computer object was not found.

So I checked all DCs in the 3 sites; the computer object has not been replicated from SiteA yet.

Is there a way to make the NPS server always connect to the SiteA DC first for authentication?

I added the IP subnet of the NPS server to AD SiteA, but it made no difference to the LDAP connection.

I also saw an article about putting all DCs into a Remote RADIUS server group and setting the SiteA DC to priority 1.

Is that possible? The DC has only the DC role (no NPS role).

Thank you

windows-network-access-protection

1 Answer

LimitlessTechnology-2700 answered:

Hello @KZMuser,

NPSs must be registered in Active Directory so that they have permission to read the dial-in properties of user accounts during the authorization process. Registering an NPS adds the server to the RAS and IAS Servers group in Active Directory.

Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

To register an NPS in another domain by using Netsh commands for NPS:

1. Open Command Prompt or Windows PowerShell.

2. Type the following at the command prompt: netsh nps add registeredserver domain server, and then press ENTER.

In the preceding command, domain is the DNS domain name of the domain where you want to register the NPS, and server is the name of the NPS computer.

https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-register

Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )

KZMuser commented:

Thank you for your reply.

The NPS server is already registered in Active Directory.
When the computer object has been replicated from the SiteA DC, everything is fine.

The problem is that the NPS server connects to another site's DC that has not received the replication yet.

I want a joined PC to connect to the wireless LAN with 802.1x machine authentication at first boot.

Thank you

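As an added example that is not part of the original question, answer or comments: a PowerShell session run on the NPS member server that performs the registration step from the answer, verifies that it took effect, shows which DC and site the server's locator and Netlogon secure channel currently resolve to (the thing the question is trying to influence), and then queries each DC directly for the just-joined computer object, which is the replication gap described in the follow-up comment. The domain corp.example.com and the host names NPS01, DC-SITEA, DC-SITEB, DC-SITEC and PC-NEW01 are assumed placeholders, not names from the thread; the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not code from the original thread. All names below are assumed
# placeholders: replace them with your own domain, NPS host and DC names.
# Run in an elevated PowerShell on the NPS server with the RSAT AD module installed.

$Domain   = 'corp.example.com'                       # assumed domain name
$NpsHost  = 'NPS01'                                  # assumed NPS server name
$SiteADC  = "DC-SITEA.$Domain"                       # assumed DC where PCs are joined
$AllDCs   = 'DC-SITEA','DC-SITEB','DC-SITEC' | ForEach-Object { "$_.$Domain" }
$Computer = 'PC-NEW01'                               # assumed name of the just-joined PC

# 1. Register NPS in AD (the step from the answer). This adds the NPS computer
#    account to "RAS and IAS Servers" so it may read account dial-in properties.
netsh nps add registeredserver $Domain $NpsHost

# 2. Verify the registration took effect by querying a specific DC rather than
#    whichever DC the locator happens to pick.
$members = Get-ADGroupMember -Identity 'RAS and IAS Servers' -Server $SiteADC |
           Select-Object -ExpandProperty Name
if ($members -contains $NpsHost) {
    "Registration OK: $NpsHost is in 'RAS and IAS Servers' (checked on $SiteADC)"
} else {
    Write-Warning "$NpsHost is not yet a member of 'RAS and IAS Servers' on $SiteADC"
}

# 3. Show which site this server believes it is in, which DC the locator returns
#    for it, and which DC the Netlogon secure channel is currently bound to.
#    If /dsgetsite does not report the site the NPS subnet was added to, the
#    subnet-to-site mapping has not taken effect on this host yet.
nltest /dsgetsite
nltest "/dsgetdc:$Domain" /force
nltest "/sc_query:$Domain"

# 4. Check every DC directly for the freshly joined computer object. -Filter
#    returns nothing (instead of throwing) when the object is absent, so an
#    un-replicated DC shows up as "NOT yet replicated".
foreach ($dc in $AllDCs) {
    $obj = Get-ADComputer -Filter "Name -eq '$Computer'" -Server $dc
    if ($obj) { "$dc : found $($obj.DistinguishedName)" }
    else      { "$dc : NOT yet replicated" }
}
```

Step 3 is the check worth repeating after any site or subnet change: the DC it reports is the one NPS will hand the MS-CHAPv2 authentication to, and step 4 tells you whether that DC already has the computer object. If it does not, repadmin /syncall /AdeP run on the SiteA DC pushes the new object out ahead of the normal replication schedule, which is an alternative to steering NPS at a particular DC.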