This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I am trying to setup a NPS that uses RADIUS for our Wi-Fi. The logon name and password should be the computers MAC address. I have created the new user in AD with the mac as the account name and password. The computer tries to connect to the Wi-Fi, and the logs show it giving the right information. I get my connection request policy back, but the Network Policy will not show up in the log. Therefore, the computer cannot get connected to Wi-Fi.
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: Domain\60452e38fb8a
Account Name: 60452e38fb8a
Account Domain: Domain
Fully Qualified Account Name: Domain\60452e38fb8a
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 10f3119946a0
Calling Station Identifier: 60452e38fb8a
NAS:
NAS IPv4 Address: 10.x.x.12
NAS IPv6 Address: -
NAS Identifier: 2504
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 1
RADIUS Client:
Client Friendly Name: WLC
Client IP Address: 10.x.x.12
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: SERVER2.Domain
Authentication Type: PAP
EAP Type: -
Account Session Identifier: 36363930303739392F36303A34353A32653A33383A66623A38612F32313137
Logging Results: Accounting information was written to the local log file.
Reason Code: 48
Reason: The connection request did not match any configured network policy.
Here is my Network Policy - "MAC Authentication Policy":
Conditions:
NAS Port Type Wifeless - IEEE 802.11
Calling Station ID XXXXXXXXXXXX
Windows Groups Domain\Wifi-MAC-filtering
Settings:
Authentication Method Unencrypted authentication (PAP,SPAP)
Access Permission Grant Access
Framed-Protocol PPP
Service-Type Framed
Encryption Policy Disabled
I think I need help forming the Network Policy. Any help would be appreciated.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
Hey Gary,
I was way overthinking my WLAN config on my controller. Just had to set it up like it already is with PSK and add the NPS to it. The first time you connect it asks for the PSK like any other network and then checks the NPS to see if you have access. This has completely cleared up any extra configuration I need to do on clients and work brilliantly. Going to have to do a step by step for this because now I have to replicate it three more times.
Hello Chris,
That will work if you can manage the PSK distribution to the clients. However, if you can manage to do that, it would probably be equally easy (and more maintainable) to actually use 802.1X authentication,
Gary