Hello,
I know this question has been asked a bunch but the answers seem to vary between everyone's own setups.
The goal is to get machine and user authentication working via RADIUS server through Windows NPS.
Currently, I'm able to get user auth (AD credentials) working but once I add a machine group, everything fails.
This is the log when I add a machine group to the network policy constraints:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/16/2017 5:21:17 PM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DC.corp.com
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: CORP\msong
Account Name: CORP\msong
Account Domain: CORP
Fully Qualified Account Name: corp.com/sea/msong
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: dc.corp.com
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access
I checked dial-in properties to be ignored in the network policy.
I'm pretty new to this stuff, so any help is appreciated.
Let me know if you need any more info.
Thanks!
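An added example (not part of the original post): a Python sketch that extracts the triage-relevant fields from Event ID 6273 text in the layout shown above and counts denials per network policy and reason code, so it is clear which policy actually handled each request. The sample events are constructed, and the second event's values are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: two NPS denial events (Event ID 6273) in the text layout
# shown in the post. The second event's values are invented for illustration.
SAMPLE = """\
Event ID: 6273
Account Name: CORP\\msong
Network Policy Name: Connections to other access servers
Authentication Type: EAP
EAP Type: -
Reason Code: 65
Event ID: 6273
Account Name: host/LAPTOP01.corp.com
Network Policy Name: Wireless machine and user (hypothetical)
Authentication Type: PEAP
EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
Reason Code: 16
"""

# Fields worth comparing across denials when a policy change breaks auth.
FIELDS = ("Account Name", "Network Policy Name", "Authentication Type",
          "EAP Type", "Reason Code")

def parse_events(text):
    """Split on 'Event ID:' lines and return one dict of FIELDS per event."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event ID:)", text):
        if not chunk.strip():
            continue
        ev = {}
        for name in FIELDS:
            # Anchored at line start, so 'Fully Qualified Account Name' is not
            # mistaken for 'Account Name'. The first occurrence wins.
            m = re.search(rf"(?m)^\s*{re.escape(name)}:[ \t]*(.*)$", chunk)
            ev[name] = m.group(1).strip() if m else None
        events.append(ev)
    return events

def summarize(events):
    """Count denials per (network policy, reason code) pair."""
    return Counter((e["Network Policy Name"], e["Reason Code"]) for e in events)

if __name__ == "__main__":
    for (policy, reason), n in summarize(parse_events(SAMPLE)).items():
        print(f"{n} denial(s): policy={policy!r} reason={reason}")
```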