I configured our RADIUS client (pfSense) and Windows 2008 NPS to authenticate via RADIUS. The setup is a captive portal where LAN users authenticate against Active Directory.
Looking at our event log, I see the following error after a login test.
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.

User:
    Security ID: CAMPUS\testuser
    Account Name: testuser
    Account Domain: CAMPUS
    Fully Qualified Account Name: campus.mydomain.local/Users/Administrator

Client Machine:
    Security ID: NULL SID
    Account Name: -
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: -
    Calling Station Identifier: -

NAS:
    NAS IPv4 Address: 0.0.0.0
    NAS IPv6 Address: -
    NAS Identifier: pfsense.campus.mydomain.local
    NAS Port-Type: -
    NAS Port: -

RADIUS Client:
    Client Friendly Name: pfSense
    Client IP Address: 192.168.1.6

Authentication Details:
    Proxy Policy Name: Use Windows authentication for all users
    Network Policy Name: Connections to other access servers
    Authentication Provider: Windows
    Authentication Server: AGDC01.campus.mydomain.local
    Authentication Type: PAP
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 65
    Reason: The connection attempt failed because network access permission for the user account was denied. To allow network access, enable network access permission for the user account, or, if the user account specifies that access is controlled through the matching network policy, enable network access permission for that network policy.
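This happens regardless of which user I authenticate with. Within AD, our users are set to "Control access through NPS Network Policy". I would appreciate some help, as I am stuck.
I'm sure I'm not the first person to run into this problem, so I'm answering my own question. Within NPS, the following had to be changed to resolve the problem.
Within NPS, go to:
This corrected the problem. Just to be safe, the policies are ordered as follows: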