Environment:
AD (Windows 2012) + NPS (Windows 2012) + DHCP (Windows 2012) + Cisco AC (2500); all APs are thin APs, and all are Cisco products.
The authentication process:
The client submits a user name and password to the AC, the AC passes them to the NPS server, and the NPS server authenticates against AD. Once authenticated, the user is placed in the specified VLAN, the client gets an IP from DHCP, and network access then works.
Fault phenomenon:
Mobile phones, doing, and Win10 can log in, but at the company none of the Windows 7 computers can connect no matter what. I tried several different accounts and none of them work. Could an expert please help me?
The logs are as follows; there are two:
The first:
Network policy server has refused to grant a user access,
For more information, please contact the network policy server administrator,
User:
Security ID:
NULL SID
Account name:
Test/cc.aoto.com
The account domain:
Auto
Fully qualified name of account:
Auto \ cc $
The client computer:
Security ID:
NULL SID
Account name:
-
Fully qualified name of account:
-
OS version:
-
Have call station identifier:
78-ba-f9-BC-0e-30:guest
Is called station identifier:
4g-11-g1-d4-29-56
The NAS:
The NAS IPv4 address:
192.168.1.5
The NAS IPv6 address:
-
The NAS identifier:
Controller2504
The NAS port type:
Wireless - IEEE 802.11
The NAS port:
13
The RADIUS client:
The client friendly name:
Wifi_2504_1.5
The client IP address:
192.168.1.5
The authentication details:
Connection request policy name:
All users are using Windows authentication
Name of web strategy:
-
The authentication provider:
Windows
The authentication server:
Dc.aoto.com
The authentication type:
EAP
EAP types:
-
Account session identifier:
-
Logging results:
Accounting information written to the local log files,
Reason code:
22
Reason:
Because the client can't authentication, extensible authentication protocol (EAP) can't be server processing,
The second:
User:
Security ID:
NULL SID
Account name:
Test/cc.aoto.com
The account domain:
Auto
Fully qualified name of account:
Auto \ cc $
The client computer:
Security ID:
NULL SID
Account name:
-
Fully qualified name of account:
-
OS version:
-
Have call station identifier:
78-ba-f9-BC-0e-30:guest
Is called station identifier:
4g-11-g1-d4-29-56
The NAS:
The NAS IPv4 address:
192.168.1.5
The NAS IPv6 address:
-
The NAS identifier:
Controller2504
The NAS port type:
Wireless - IEEE 802.11
The NAS port:
13
The RADIUS client:
The client friendly name:
Wifi_2504_1.5
The client IP address:
192.168.1.5
The authentication details:
Connection request policy name:
All users are using Windows authentication
Name of web strategy:
-
The authentication provider:
Windows
The authentication server:
Dc.aoto.com
The authentication type:
PEAP
EAP types:
-
Account session identifier:
-
Logging results:
Accounting information written to the local log files,
Reason code:
16
Reason:
Because user credentials do not match, the authentication failure, provide the user name is not mapped to an existing user account or password mistake,
CodePudding user response:
Is there an expert who can help solve this?
CodePudding user response:
Windows 7 system, check the NPS in free field, can't there is loophole,
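A way to triage NPS denial records like the two in the question, added here as an example and not code from anyone in the thread: it pulls the identity, authentication type and reason code out of each record and flags when the rejected identity is a computer account (trailing `$`), as it is in both records. The sample text is constructed in the English event layout from the values in the post; `parse_events` and `triage` are hypothetical helper names.

```python
import re

# Constructed sample: English layout of an NPS "denied access" record, reduced
# to four fields and filled with the values from the two records in the post.
HEADER = "Network Policy Server denied access to a user."
RECORD = HEADER + r"""
User:
    Account Name:                   Test/cc.aoto.com
    Fully Qualified Account Name:   Auto\cc$
Authentication Details:
    Authentication Type:            {auth}
    Reason Code:                    {code}
"""
SAMPLE = RECORD.format(auth="EAP", code=22) + RECORD.format(auth="PEAP", code=16)

# Reason texts paraphrased from the two records in the post.
REASONS = {
    16: "credentials mismatch: unknown account name or wrong password",
    22: "client could not be authenticated: EAP type cannot be processed by server",
}
FIELD = re.compile(r"^[ \t]*([A-Za-z][^:\n]*):[ \t]+(\S.*)$", re.M)

def parse_events(text):
    """Split on the record header and return one {label: value} dict per record."""
    events = []
    for chunk in text.split(HEADER):
        fields = {m.group(1).strip(): m.group(2).strip() for m in FIELD.finditer(chunk)}
        if "Reason Code" in fields:  # skip text that is not a complete record
            events.append(fields)
    return events

def triage(text):
    """One row per denial: identity, computer-account flag, auth type, reason."""
    rows = []
    for ev in parse_events(text):
        fqan = ev.get("Fully Qualified Account Name", "")
        code = int(ev["Reason Code"])
        rows.append({
            "account": fqan,
            # AD computer accounts carry a trailing "$" in their account name
            "computer_account": fqan.endswith("$"),
            "auth_type": ev.get("Authentication Type", "-"),
            "reason_code": code,
            "meaning": REASONS.get(code, "not covered by the post"),
        })
    return rows

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```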