active-directory - Active Directory NPS 无线连接不工作

Question

我最近在我的域控制器上设置了一个 NPS 服务器进行测试。

我创建了半径客户端并定义了策略。还将接入点配置为与 radius 服务器通信。

问题是每次我尝试登录 wifi 时，它都会显示“正在连接..”，然后返回显示 wifi 状态“已保存”。

这是日志：

 <Event><Timestamp data_type="4">01/10/2018 16:32:59.280</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">testuser</User-Name><Called-Station-Id data_type="1">9C-3D-CF-6F-59-FA:NETGEAR39-5G</Called-Station-Id><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">7C-5C-F8-3B-8F-53</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54Mbps 802.11a</Connect-Info><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 30</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.280</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 30</Class><Session-Timeout data_type="0">60</Session-Timeout><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.296</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Called-Station-Id data_type="1">9C-3D-CF-6F-59-FA:NETGEAR39-5G</Called-Station-Id><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">7C-5C-F8-3B-8F-53</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54Mbps 802.11a</Connect-Info><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><User-Name data_type="1">testuser</User-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 31</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.296</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 31</Class><Session-Timeout data_type="0">30</Session-Timeout><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.311</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Called-Station-Id data_type="1">9C-3D-CF-6F-59-FA:NETGEAR39-5G</Called-Station-Id><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">1</NAS-Port><Calling-Station-Id data_type="1">7C-5C-F8-3B-8F-53</Calling-Station-Id><Connect-Info data_type="1">CONNECT 54Mbps 802.11a</Connect-Info><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Framed-MTU data_type="0">1400</Framed-MTU><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><User-Name data_type="1">testuser</User-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 32</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

    <Event><Timestamp data_type="4">01/10/2018 16:32:59.311</Timestamp><Computer-Name data_type="1">TPSSERVER1</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.42 01/10/2018 04:52:10 32</Class><Acct-Session-Id data_type="1">3E123D45-00000005</Acct-Session-Id><Session-Timeout data_type="0">30</Session-Timeout><Client-IP-Address data_type="3">192.168.0.99</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Netgear Access Point</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections 2</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">THEPHOTOSTUDIO\testuser</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">THEPHOTOSTUDIO\testuser</Fully-Qualifed-User-Name><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">Secure Wireless Connections 2</NP-Policy-Name><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

我也尝试过更改无线接入点以确保，但结果相同。

有任何想法吗？

Answer 1

我解决了这个问题。

显然，服务器正在对用户进行身份验证，但无法向 radius 客户端进行身份验证。

我们需要向 NPS 服务器添加不同的新证书。

所以在 NPS 管理控制台中，Policies --> Network Policies --> (Select your policy) --> Constraints --> Authentication Methods --> 在 EAP Types 框中选择 Microsoft: Protected EAP (PEAP) --> Edit并将颁发的证书更改为最后一个选项。--> 确定 --> 应用。