Hi all,
I have a customer who want's to have a computer authentication against RADIUS (allow only school devices to connect through SSID). As I am a network engineer I am struggling with NPS settings and machine certificates.
I have lab settings in our office where I am using Windows Server 2012 and configured domain certificates using the links below
https://4sysops.com/archives/how-to-deploy-certificates-with-group-policy-part-2-configuration/#creating-the-certificates
http://www.petenetlive.com/KB/Article/0000919.htm
Under NPS I have two policies, one for domain devices and one for non-domain devices
Domain_devices policy:
Conditions - NAS Port Type - Wireless-Other OT Wireless - IEEE 802.11
Machine groups - domain\Domain devices - PC added to that group
Constraints - Auth. method - Microsoft Smart Card or other certificate
Domain_devices policy:
Conditions - NAS Port Type - Wireless-Other OT Wireless - IEEE 802.11
Constraints - Auth. method - Microsoft Protected EAP (PEAP)
When tested with iPad this was able to connect fine but when testing with domain laptop NPS is returning Event ID 6273 Reason code 16
Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
password is correct as I am using same one for iPad as well as computer login
Anybody with an idea why it's not working?
Thanks