NPS configuration

Giovanni Luca Matera 106 Reputation points
2021-02-08T13:46:04.68+00:00

Hi,
I have configured NPS on Windows 2019 SE for authentication with AD for WiFi access. The domain on which it was installed is a pre-2000 UPN domain.mil.it, while the new UPN name is domain.local and domain.it.

When the domain user connects to the WiFi for the first time, they are asked to enter their domain credentials:

EVENT ID 4400
A LDAP connection with domain controller DC02.domino.local for domain DOMINIO.LOCAL is established.

EVENT ID 6272
Network Policy Server granted access to a user.

User:
Security ID: DOMINIO.MIL.IT\user
Account Name: user
Account Domain: DOMINIO.LOCAL
Fully Qualified Account Name: DOMINIO.LOCAL\user

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 88-5B-DD-55-F5-96:WiFi-employee
Calling Station Identifier: B0-C0-90-59-C7-86

NAS:
NAS IPv4 Address: 192.168.3.216
NAS IPv6 Address: -
NAS Identifier: Area IT
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0

RADIUS Client:
Client Friendly Name: NOME-LAN
Client IP Address: 192.168.3.216

Authentication Details:
Connection Request Policy Name: NOME-WiFI
Network Policy Name: NOME-WiFI
Authentication Provider: Windows
Authentication Server: DC02.dominio.local
Authentication Type: PEAP
EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
Account Session Identifier: 33354336354133463045353245314337
Logging Results: Accounting information was written to the local log file.

But we would like to connect with the same credential syntax they use for Office 365 (customer request), ******@dominio.it, and it doesn't work. I used the "User-Name" attribute with this syntax:
-Find: @dominio.it
-Replace with:

This way I receive a log similar to the previous one, but it does not work. Whereas if I didn't insert any attribute, the translation of the names was wrong.

EVENT ID 6273
Network Policy Server granted access to a user.

User:
Security ID: DOMINIO.MIL.IT\user
Account Name: user
Account Domain: DOMINIO.LOCAL
Fully Qualified Account Name: DOMINIO.LOCAL\user

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 88-5B-DD-55-F5-96:WiFi-employee
Calling Station Identifier: B0-C0-90-59-C7-86

NAS:
NAS IPv4 Address: 192.168.3.216
NAS IPv6 Address: -
NAS Identifier: Area IT
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0

RADIUS Client:
Client Friendly Name: NOME-LAN
Client IP Address: 192.168.3.216

Authentication Details:
Connection Request Policy Name: NOME-WiFI
Network Policy Name: NOME-WiFI
Authentication Provider: Windows
Authentication Server: DC02.dominio.local
Authentication Type: PEAP
EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
Account Session Identifier: 38414232353138443132393338373143
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.


1 answer

  1. Anonymous
    2021-02-09T08:05:07.84+00:00

    Hi,

    Thanks for posting on the Q&A platform.

    Based on the provided information, please check that the authentication type on the client and on the NPS server is configured consistently.

    As for Event 6273, this event log might be caused by one of the following conditions:

    - The user does not have valid credentials
    - The connection method is not allowed by network policy
    - The network access server is under attack
    - NPS does not have access to the user account database on the domain controller
    - NPS log files or the SQL Server database are not available

    For more detailed methods regarding how to troubleshoot Event ID 6273, please refer to the following article:

    Event ID 6273 — NPS Authentication Status

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
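
For working through Event ID 6272/6273 pairs like the ones quoted in this thread, the following added example (not part of the original posts, and not Microsoft's code) parses event text pasted in this format and lists clients that were both granted and denied access, together with the denial reason codes. The function names and the shortened sample input are assumptions made for the illustration.

```python
import re
from collections import defaultdict
# Constructed sample: shortened from the two events quoted in the question.
SAMPLE = """\
EVENT ID 6272
User:
Fully Qualified Account Name: DOMINIO.LOCAL\\user
Client Machine:
Fully Qualified Account Name: -
Calling Station Identifier: B0-C0-90-59-C7-86

EVENT ID 6273
User:
Fully Qualified Account Name: DOMINIO.LOCAL\\user
Client Machine:
Calling Station Identifier: B0-C0-90-59-C7-86
Authentication Details:
Reason Code: 16
"""

def parse_events(text):
    """Split pasted NPS event text into one dict per event, keyed 'Section/Field'."""
    events, cur, section = [], None, ""
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"EVENT ID (\d+)", line, re.IGNORECASE)
        if m:
            cur, section = {"EventID": int(m.group(1))}, ""
            events.append(cur)
        elif cur is not None and ":" in line:
            key, _, value = line.partition(":")
            if value.strip():
                cur[f"{section}/{key.strip()}"] = value.strip()
            else:
                section = key.strip()  # bare header such as "User:" or "NAS:"
    return events

def mixed_outcome_clients(events):
    """Map each client granted (6272) and also denied (6273) to its denial reason codes."""
    seen = defaultdict(lambda: {"granted": False, "reasons": []})
    for e in events:
        station = e.get("Client Machine/Calling Station Identifier")
        if station and e["EventID"] == 6272:
            seen[station]["granted"] = True
        elif station and e["EventID"] == 6273:
            code = e.get("Authentication Details/Reason Code", "-1")
            seen[station]["reasons"].append(int(code))
    return {s: v["reasons"] for s, v in seen.items() if v["granted"] and v["reasons"]}

print(mixed_outcome_clients(parse_events(SAMPLE)))
```

A client that appears in the result has authenticated successfully at least once, so its denials are worth comparing field by field against the granted event rather than treating the account as unknown.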

