I have set up a Radius-server on Windows Server 2008 R2, and under NPS (Local)>Policies there is a policy that allows member of a AD-group to connect to the network using PAP/SPAP. The members of this group is users added with the MAC from the unit (IP-phones, printers etc) as both username and password.

The config of the switch is as followed:

; J9775A Configuration Editor; Created on release #YA.15.16.0004
; Ver #06:04.9c.63.ff.37.27:12
hostname "HP-2530-48G"
radius-server host 192.168.1.20
snmp-server community "public" unrestricted
aaa authentication port-access eap-radius
aaa port-access authenticator 10
aaa port-access authenticator active
vlan 1
name "DEFAULT_VLAN"
untagged 1-52
ip address 192.168.1.10 255.255.255.0
 

But when I connect the computer or the IP-phone (which is the two units I added to the AD-group), they don't get contact. The log says that the domain of the computer does not exist (which is the computername, since the computer isn't member of any domain), and with the IP-phone I don't get any feedback what so ever in the log, it just won't connect.

Someone that's familiar with this?

Maybe something is wrong with the NPS-networkpolicy?

Maybe some settings on the useraccount in AD must be changed from the default settings?

Maybe something has to be done differently on the switch?

Hopefully somebody has an idea or two :-)

And of course, ask if there is something I have left out of information or there is anything I should add!