I'm trying to setup mac address authorization on an NPS that is already running EAP-TLS for our wireless access points. So far, I've added a user account to the local computer's store and set the username and password equal to the mac address of the computer I am trying to connect with. I've also created a new network policy, setting a condition for NAS Port Type Wireless - IEEE 802.11 OR Wireless - Other For constraints, I've checked Unencrypted authentication (PAP, SPAP) under Authentication methods I have also created a REG_DWORD value of user Identity Attribute and set it to 31 (decimal) under HKLM\System\CurrentControlSet\services\RemoteAccess\Policy When I attempt to connect with my laptop, it fails. I can see the denial record in the event log. Below is some of the error: Reason Code: 16 Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. The only problem I can see is that the error references our domain in the Account Domain field in the error and includes DOMAIN\MAC in the Fully qualified account name field. The user account I created for the MAC address is not in AD, it is in the local store. Is this my problem? How can I get NPS to reference the local user store? I've been referencing this TechNet article: http://technet.microsoft.com/en-us/library/dd197535(WS.10).aspx

Hi, As this problem is related to NPS, I suggest you ask in Network Access Protection forum: http://social.technet.microsoft.com/Forums/en/winserverNAP/threads Thanks for your understanding. Regards, Bruce

Hi, As this problem is related to NPS, I suggest you ask in Network Access Protection forum: http://social.technet.microsoft.com/Forums/en/winserverNAP/threads Thanks for your understanding. Regards, Bruce

Thanks, I've asked the question there. I didn't notice the NPS section before.