6273 - Radius Auth fail example Expand / Collapse
Author
Message
Posted 4/6/2018 11:20:50 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 4/6/2018 11:10:04 AM
Posts: 1, Visits: 0
This example courtesy of a user WiFi login failure to an AP using RADIUS authentication.

Computer = "OURDC0099.OURORG.com";
EventCode = 6273;
EventIdentifier = 6273;
Logfile = "Security";
RecordNumber = 1192602215;
SourceName = "Microsoft-Windows-Security-Auditing";
TimeGenerated = "20180406150227.000000-000";
TimeWritten = "20180406150227.000000-000";
Type = "Audit Failure";
EventType = 5;
Category = 12552;
CategoryString = "Network Policy Server";
Message = "Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: OURORG\bmotelek
Account Name: OURORG\bmotelek
Account Domain: OURORG
Fully Qualified Account Name: OURORG.Com/Smallville/Users/Consultants/Brian Motelek

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00-a3-8e-d3-92-00:ourorg
Calling Station Identifier: c4-d9-87-5f-c7-01

NAS:
NAS IPv4 Address: 10.103.1.17
NAS IPv6 Address: -
NAS Identifier: svwc0001
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 8

RADIUS Client:
Client Friendly Name: svwc0001
Client IP Address: 10.103.1.17

Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: OURDC0099.OURORG.com
Authentication Type: EAP
EAP Type: -
Account Session Identifier: 35616337386665382F63343A64393A38373A35663A63373A30312F343334303536
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
";
InsertionStrings = {"S-1-5-21-123300112-456280006-79907194-34379", "OURORG\bmotelek", "OURORG", "OURORG.Com/Smallville/Users/Consultants/Brian Motelek", "S-1-0-0", "-", "-", "-", "00-a3-8e-d3-92-00:ourorg", "c4-d9-87-5f-c7-01", "10.103.1.17", "-", "svwc0001", "Wireless - IEEE 802.11", "8", "svwc0001", "10.103.1.17", "Use Windows authentication for all users", "Connections to other access servers", "Windows", "OURDC0099.OURORG.com", "EAP", "-", "35616337386665382F63343A64393A38373A35663A63373A30312F343334303536", "65", "The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.", "Accounting information was written to the local log file."}

Post #7467
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 7:03pm