Hey everyone! I'm facing a peculiar issue with one of our users. I set up a RADIUS server to manage network access based on Windows groups that include computer objects. Most users connect to the WiFi without a hitch, and the NPS logs show they're being allowed access as expected based on their computer's group membership. However, one user is having problems. When they click on the WiFi SSID, they're prompted for a username and password, despite their PC being in the correct group, just like the others. I've tried getting help from ChatGPT and Gemini, but no luck. Has anyone else run into this issue?
3 Answers
Does the computer have the proper certificate for machine authentication? It's worth a check!
Hey, just a quick question: is your AD object set to Deny in the Dial-in policy instead of using NPS? Sometimes that can cause these issues.
This sounds like a common Windows authentication problem. There are several reasons why this could be happening:
1. **Computer Account Issues:** The computer's password might be out of sync with the domain. You can check this by running `nltest /sc_verify:DOMAIN`. If it fails, you might need to use `nltest /sc_reset:DOMAIN` to reset it.
2. **Group Policy Application:** The wireless policy may not be applying to that specific machine. Run `gpupdate /force` and reboot, then check with `rsop.msc` to verify if the policy is applied.
3. **Certificate Problems:** Make sure the machine certificate isn't missing or expired. Check in `certlm.msc` for computer certificates, focusing on the Personal and Trusted Root stores.
4. **WLAN AutoConfig Service:** The service might have issues, so restart "WLAN AutoConfig" and ensure it starts automatically.
Try checking the secure channel and the group membership first, as that’s usually where these issues stem from.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures