
I'm trying to set up an NPS server as a RADIUS server for the Wi-Fi network of my company's employees. All mobile devices can connect to this network using their domain user/pass. My problem is letting Windows computers (not in the domain!) use this network, because I get this error in the NPS logs:

"SERVERNAME",
"IAS",
09/28/2015,
09:00:44,
3,
...
"WIFI_STAFF_Policy",
265

Using the log specs, I found that this packet is an "Access-Reject", and the "Reason code" is 265 (not declared in MS log specs). Googling, I found that "265 Reason code" is a certificate error, but I did not understand whether it is a client error or a server error.

Obviously I cannot add a certificate to all non-domain computers, and moreover I don't want to buy a certificate for my NPS.

If this is a client error, I know I could set PEAP authentication to not validate the certificate, but this is a very difficult option because I would have to set up every computer manually.

Is there any way to not use certificate validation FROM the NPS Network policy configuration?

Policy configuration

Tobia
  • I solved this error by installing the NPS server certificate on the client's machine... obviously this cannot be a definitive solution, but now I'm sure that this is a certificate problem. – Tobia Sep 30 '15 at 06:05

1 Answer


The reason your non-domain client cannot connect is because your client doesn't trust the certificate being used by the network policy configured on your NPS server.

Is there any way to not use certificate validation FROM the NPS Network policy configuration?

No, and here's why. Suppose you could configure your NPS server to change the client's behavior even though your client doesn't trust the server's certificate. If I'm an attacker, I could set up my NPS server with a certificate you don't trust and configure it to force your client to connect to my server even though you don't trust my certificate. That would be bad.

You have two options to connect a wireless client to a PEAP-secured wireless network using a certificate the client does not trust:

  1. Install the NPS server's certificate on the client
  2. Edit the wireless connection on the client and, in the Protected EAP properties, specify that the client should not Validate server certificate.
I say Reinstate Monica
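Option 1 from the answer, scripted so it does not have to be clicked through on every non-domain machine. This is an added example, not code from the original post: it checks the certificate file against a thumbprint obtained out of band before trusting it. Assumptions: the file path and thumbprint are placeholders, and the NPS certificate is self-signed, so it goes into the machine's Trusted Root store (if an internal CA issued it, import that CA's certificate instead).

```powershell
# Added example: verify, then trust, the NPS server certificate on a
# non-domain Windows client. Run from an elevated PowerShell prompt.
param(
    # Hypothetical path to the certificate exported from the NPS server.
    [string]$CertPath = 'C:\Temp\nps-server.cer',

    # Thumbprint read from the NPS server by an administrator and passed
    # to the client through a separate, trusted channel (placeholder value).
    [Parameter(Mandatory)]
    [string]$ExpectedThumbprint
)

$ErrorActionPreference = 'Stop'

# Load the file without installing it, so it can be inspected first.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Normalise the expected value (strip spaces and colons) and compare.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}

# Refuse certificates that are expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Assumption: self-signed NPS certificate, so the trust anchor is the
# certificate itself and it belongs in the machine's Trusted Root store.
$store = 'Cert:\LocalMachine\Root'
if (Test-Path "$store\$($cert.Thumbprint)") {
    Write-Output "Already trusted: $($cert.Subject)"
}
else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
    Write-Output "Imported $($cert.Subject) [$($cert.Thumbprint)] into $store"
}
```

With the certificate trusted, the client's "Validate server certificate" setting can stay enabled, which is what keeps a look-alike access point from collecting domain credentials.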