I am struggling with VPN clients and NPS. Today I am using the Meraki option that reads directly from AD; I think it works as LDAP.
I still want to use NPS, but my default policy does not work. The Event Viewer says that my policy does not accept the NAS port type of the incoming connection when using VPN.
I am using NPS with my wireless and 802.1X, and in both cases the NAS port type shows its type... but with the VPN connection the NAS port type is not recognized; it only shows a dash (-), like blank information.
Unfortunately NPS doesn't give me an option to create a policy that accepts a connection without the NAS port type showing something... Any suggestions to fix this behavior?
Just to confirm, did you follow https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_... to set this up? Have you validated your settings against it?
Thank you Nash.
Yes I did, and my wireless WPA2-Enterprise is working fine, by the way. My default policy is a very basic one; basically it says that if you are in my Windows group of all users and use any kind of EAP, you have access granted...
When using the Meraki to test my NPS I receive a pass too, but with the VPN, because of its inability to recognize the NAS port type, it is not letting my users have access when they come from the VPN connection.
Oh gosh, I see. You're having trouble with the client VPN? I assumed wireless because it's in the wireless forum. @MeredithW I think this topic needs a move maybe?
Since client VPN, have you built out a fully separate setup using https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN ? Do your settings for it match this exactly?
I've followed the above for NPS for client VPN on a couple dozen servers now, ranging from 2008r2 to 2016, and not seen the problem you are encountering. Including at clients that also use NPS for 802.1x.
Hi Nash, I really didn't read this article, thank you.
Reading it now, I see that my Request Policy is different from the example; I am using the default one about the time of day. I think that is not the problem in my case.
Although maybe my Network Policy needs to change, or I will create a new one with these settings*** as the article indicates.
My condition, as I said before, only asks for the Windows group Domain Users. The NAS port type setting is in the same section as the settings about encryption, so maybe changing the encryption type to exactly what the article says will make a difference in my case. Even so, it does not look like it has any relationship to the NAS port type; maybe it will do the trick and fix my situation? I will try and post the results. Thanks!!
***Deselect all checkboxes and select Unencrypted authentication (PAP, SPAP). An informational box will be displayed; press No to continue and press Next. For security information about using PAP click here.
You're welcome! Hope it helps.
I strongly recommend setting it up exactly as Meraki recommends on all policies. Get it working then see if the NAS port type is still an issue. I'm pretty sure it won't be. 🙂
> It says in the Event Viewer that my policy does not accept the NAS port type of the incoming connection when using VPN.
The MX does not set the port type attribute for client VPN users, so you can't match on port type being "VPN".
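The point made in the reply above, shown at the RADIUS packet level as an added example that is not part of the original thread or of Meraki's or Microsoft's code: it parses two constructed Access-Request packets and looks for NAS-Port-Type (RFC 2865 attribute 61). The `policy_matches` function is an assumed, simplified model of a policy condition, and the user name `alice` and both packets are constructed sample data.

```python
import struct

NAS_PORT_TYPE = 61  # RFC 2865 attribute type; 5 = Virtual, 19 = Wireless-802.11

def attr(attr_type, value):
    """Encode one attribute: type (1 byte), length (1 byte, includes header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def access_request(attrs):
    """Constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", 1, 1, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Return {type: value} for every attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        found[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return found

def nas_port_type(packet):
    """NAS-Port-Type as an int, or None when absent (the '-' in the NPS event)."""
    raw = parse_attributes(packet).get(NAS_PORT_TYPE)
    return struct.unpack("!I", raw)[0] if raw is not None else None

def policy_matches(packet, allowed_port_types):
    """Assumed model: an empty set means no NAS Port Type box is checked."""
    if not allowed_port_types:
        return True
    return nas_port_type(packet) in allowed_port_types

# Constructed samples: same user, with and without NAS-Port-Type.
WIRELESS = access_request([attr(1, b"alice"), attr(61, struct.pack("!I", 19))])
CLIENT_VPN = access_request([attr(1, b"alice")])

if __name__ == "__main__":
    for name, pkt in (("wireless", WIRELESS), ("client VPN", CLIENT_VPN)):
        print(name, nas_port_type(pkt), policy_matches(pkt, {5}), policy_matches(pkt, set()))
```

A request with no NAS-Port-Type cannot satisfy any value-based condition on that attribute, which is why only the policy with no port type selected accepts the client VPN request.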
Hey Philip, thanks for the clarification. My Windows server is a 2012; in NPS I tried to make it stop caring about the NAS port type, but I couldn't. I didn't see any option to disable this setting. I tried unchecking all the options, or checking all of them, but either way it is not working.
Any orientation?
Thanks.
Did you try to delete and recreate the problem policy? That can be simpler than adjusting the settings after it's done.
It is working now! I kept the same configuration, but I unchecked all the options for NAS Port Type and restarted the NPS service instead of the server itself. Windows and its need for random reboots, haha.
Thank you guys!!