On page 5 of the following document to set up NPS server with areohive:
It is asking for a “attribute number”. However extreme networks cloud does not have this settings on the user profile section. The user profile appears to have no attribute number.
I see this post,
Which indicates that if you select “Apply a different user profile to various clients and user groups.” you can then add attribute numbers to the profiles.
So am i right in assuming if i only want one wireless profile to apply to this SSID, i can omit this RADIUS attribute ( Tunnel-Pvt-Group-ID: ) in the NPS server and it will just use the default one?
i’m going to try it that way now. Thanks for the document, even though its from 2016 i find most of it still applies.
Best answer by npsisalright
Thanks for that. I got it all sorted out today i think.
Sure enough, i didnt need any of the radius attributes, because aerohive is handling the vlan stuff. So i was able to omit all those properties. seems to work with no radius attributes at all.
if anyone else needs to do this as well, other important parts not covered in the guide are:
- need to generate a computer based certificate and get NPS to use that (right click nps server and go to properties to see its current cert). This has to be generated on the CA you use to register the computer accounts. just request a certificate on nps server using MMC.
- had to make this registry change to fix a bug from 2017 https://enterinit.com/authentication-failed-due-to-a-user-credentials-mismatch-after-installing-august-2017-updates-on-an-nps-server/