Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

802.1x authentication ( NPS ) with Aruba controller

  • 1.  802.1x authentication ( NPS ) with Aruba controller

    Posted Oct 25, 2019 02:10 AM

    Hi all friends and experts,

     

    We have an issue as below:

    NPS: Joined domain

    Source authentication: Local account (it's not a domain account)

    Created a local account on the NPS server. When we try an AAA test authentication with a local account, the log said that NPS always looks up the domain and does not look up the local database.

    Please help me, thank you so much!

    Here are the logs:

    NPS-01","IAS",10/25/2019,12:45:33,1,"fatraining","ABC.COM\fatraining","000B86B79267","0.0.0.0",,,"Aruba-Master","192.16.3.21",0,0,"192.16.3.21","Aruba-Master-01",,,19,,,1,4,,0,"311 1 10.16.34.222 10/24/2019 08:58:21 290",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Training",1,,,,

     

    Lee

     

     



  • 2.  RE: 802.1x authentication ( NPS ) with Aruba controller

    Posted Oct 25, 2019 01:13 PM

    Is the local user being checked for in the NPS policy?

     

    Oliver put together an excellent guide on how to properly configure NPS:

    https://community.arubanetworks.com/t5/Security/ArubaOS-Admin-Authentication-with-Microsoft-NPS/td-p/433832 

     

    You'll notice that there is a User Group section in the NPS rule that will check for the proper user group.

     

    Look under NPS Server, Policies, Network Policies, and select the correct policy for authenticating wireless users. 

     

    When you go to Select a group, you'll need to change the location from the default Domain Location to the local machine location to select the local user / group.

     

    From the sounds of this, the local account is likely for a special purpose. As such, I'd suggest creating a new user role on the controller with additional ACLs and/or separate VLAN assignment, and creating a new NPS policy that then returns this new role to the controller.
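
The log record in the first post can be read column by column to confirm which account database NPS resolved the name against. This is an added example, not code from the thread, Aruba or Microsoft: a Python parser that assumes the IAS-format column order for the leading fields and assumes a local account would be logged as COMPUTERNAME\user. SAMPLE is the thread's record with the leading quote restored and the columns after the reason code trimmed.

```python
import csv
import io

# Leading columns of an IAS-format NPS record (assumed order, checked against
# the sample line from the thread; later columns are ignored).
IAS_FIELDS = [
    "computer_name", "service_name", "record_date", "record_time",
    "packet_type", "user_name", "fq_user_name", "called_station_id",
    "calling_station_id", "callback_number", "framed_ip", "nas_identifier",
    "nas_ip", "nas_port", "client_vendor", "client_ip", "client_friendly_name",
    "event_timestamp", "port_limit", "nas_port_type", "connect_info",
    "framed_protocol", "service_type", "auth_type", "policy_name",
    "reason_code",
]
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "11": "Access-Challenge"}

# Record from the thread (leading quote restored, trailing columns trimmed).
SAMPLE = (r'"NPS-01","IAS",10/25/2019,12:45:33,1,"fatraining",'
          r'"ABC.COM\fatraining","000B86B79267","0.0.0.0",,,"Aruba-Master",'
          r'"192.16.3.21",0,0,"192.16.3.21","Aruba-Master-01",,,19,,,1,4,,0')


def parse_ias_record(line):
    """Return the named leading fields of one IAS-format record."""
    row = next(csv.reader(io.StringIO(line)))
    if len(row) < len(IAS_FIELDS):
        raise ValueError("record has fewer columns than expected")
    # strip('"') tolerates a quote left over from a damaged copy/paste.
    rec = dict(zip(IAS_FIELDS, (value.strip('"') for value in row)))
    rec["packet_type"] = PACKET_TYPES.get(rec["packet_type"], rec["packet_type"])
    return rec


def account_scope(rec):
    """Report which account database the user name was qualified against."""
    realm, sep, _user = rec["fq_user_name"].rpartition("\\")
    if not sep:
        return "unqualified"
    # Assumption: a local SAM account is logged as <NPS computer name>\<user>.
    if realm.upper() == rec["computer_name"].upper():
        return "local"
    return "domain:" + realm


if __name__ == "__main__":
    record = parse_ias_record(SAMPLE)
    print(record["packet_type"], record["user_name"], account_scope(record))
```

For the posted record the scope comes back as the domain, which matches the behaviour described in the first post.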