Wireless Access

Reply
Occasional Contributor II

Roaming Profiles with 802.1x Wireless Authentication using NPS.

I have a client who uses "roaming profiles" for his staff. When the staff connect to the wireless using 802.1x authentication they are getting a temp profile instead of their server driven roming profile.  They are using Windows NPS to do the 802.1x auth. I know that Machine Level authentication is the ticket so I called into Aruba TAC to help make sure I get this setup correctly. They helped a bit but could not get the NPS server to stop rejecting the Machine Auth. I have posted the notes from the case below.

 

  • Issue was setting up machine auth, but not getting roaming profile.
  • User was falling in guest role which is the machine auth user-default role
  • Changed the user-default-role to guest-logon role in machine authentication
  • The user came in guest-logon role. So the machine auth  is failing.
  • Enabled logging for the particular client.
  • Now checked the auth-tracebuff and saw machine auth response as failed from the server
  • Informed that we need to verify configurations on the nps server side

We are getting "Machine Auth Status" as FAILED but "User Auth Status" as Passed

 

"Unfortunately I was not able to find any specific document for configuration on the NPS side for machine auth policy configuration. But In the above tabular column, our scenario is the second one, we need to verify why the machine auth is failing. Kindly verify with the server team on validating the configurations on the machine auth policy."

 

Does anyone have a direction to point me in here to make sure I have the NPS server setup properly to do both the Machine Auth and the User Auth.   

Guru Elite

Re: Roaming Profiles with 802.1x Wireless Authentication using NPS.

1.  Turn off "Enforce Machine Authentication" in the 802.1x profile.  That will only obscure your real problem.

2.  Try to log off the machine while connecting wirelessly.

3.  Look at the NPS Event Viewer log to see if it passed or failed.  If it failed, please print the results here...

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Guru Elite

Re: Roaming Profiles with 802.1x Wireless Authentication using NPS.

Machine Authentication is good.

Roaming profiles, even on the wired network is incredibly bad.  Sometimes people put a gig of info in their documents or desktop.  All that information needs to be downloaded before the person can login to their computer completely.  Bad idea.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: