Good afternoon all, I'm trying to set up NPS on our Wi-Fi network with two objectives:

1) user authenticates once per device, without the need for captive portal
2) login information also passed to our content filtering device for authentication and policy application

So far I've got the authentication side working OK; I've set up the NPS RADIUS client on our Aruba controller with shared secret etc. This authenticates the user correctly and I can see the login information in the NPS text file log stored in C:\Windows\system32\LogFiles

In the past I've found that the Aruba controller is slow to send accounting information so I was hoping to use the option below in NPS instead (part of Connection Request Policies):

"Forward accounting requests to this remote RADIUS server group"

However it doesn't seem to be doing anything at all. The Remote RADIUS I've configured doesn't receive any traffic, nor do I see anything relating to port 1813 in Wireshark when captured on the NPS server. 

I've tried a few other solutions I've seen elsewhere:

- configure Accounting to a file
- remove Accounting to a file
- configure Accounting on the Aruba profile

Server OS is 2012 R2 Standard if that helps.

Any thoughts much appreciated as I can't find any other configuration options to try, has anyone actually got this feature working in their environment?

Hi Gerrard,

According to your description, here is my understanding:
Aruba controller send requests to a NPS server, and you want the NPS server to forward requests to remote RDIUS server group. But it is authenticating on its own, not forwarding.

I made a test and succeeded.

On NPS server, ensure the client could match the conditions configured in Connection Request Policy.

On remote Radius servers, configure the NPS server as Radius client.

Best Regards,

Leo