Security

Hello,

 

I've got an Aruba 650 appliance. We use a NAP server to validate user with RADIUS.

User are connecting perfectly but when I go to see the event viewer any events are in NAP section. I have try also to test with "AAA Test Server", the tool work fine but no events are registered in the server.

 

I am scared in case something fail and I have no option to see the logs.

 

Regards,

Are you looking under the Security logs?

No, I am looking under Server Roles - Network Policy and Access Services.

 

I always have looked there. Maybe the update we made on aruba controller was the guilty.

 

Thanks,

If 802.1X is working, then there's nothing on the controller that would prevent logging. Are you seeing anything under the NPS logs?

I can see any log under NPS. No logs, I deleted to see if something new is added but nothing happens.

 

I don't understand what you mean with "802.1X is working", do you mean that the user are login without problems?

 

 

http://social.technet.microsoft.com/Forums/windowsserver/en-US/064f3e68-42fa-4669-aede-838e7cc7df92/nps-events-and-audit-policy?forum=winserverNAP

Thanks so much. It's solved.

 

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

This command enable audit, but local policy overwrite it.

 

I finally have change the local policy and it works !!!

The success/failure setting can be found at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server.

 

Thanks again.