Here's how you can view a history of RADIUS logon events in native Active Directory.

Pre-requisite: Before you configure a RADIUS server role, you can start by creating a new group on AD for users (For example a group named- WFH_Users) who can authenticate using the RADIUS protocol.

RADIUS protocol is a part of Network Policy Server Role.

• 

• Step 1: Install RADIUS Server via NPS in Active Directory

• Launch the 'Server Manager' in the Windows Server Instance.

• Go to Add Roles and Features. You need to walk through the different stages of installation displayed on the left pane to finish installing.

• On the Before you Begin pane,click Next. You'll be moved to the Installation Type pane' where you should select type of installation—Role based or Feature based and click Next.

• When you move to the 'Server Selection' pane, you can choose the Windows Server you want to add the role to.

  

• On the 'Server Roles' pane, select the 'Network Policy and Access Services' role from the list of server roles provided. When you move on to the 'Features' pane you can apply the default features already selected.

  

• Step 2: Register the NPS Server in Active Directory

  Go to the drop down menu under 'Tools' and select Network Policy Server.

  

• This opens up the NPS snap-in. Now you can right click the NPS tree (generally displayed as 'NPS local') and select the 'Register server in Active Directory' Option.

  

• Click 'Okay' on the confirmation dialog box that is displayed. This NPS server will now be a included in the default domain groups called "RAS and IAS Servers".

  

• Step 3: Add a RADIUS Client

A RADIUS client is a device that forwards logon and authentication requests to your NPS.

• In the NPS snap-in, expand the NPS tree to find the 'RADIUS Clients and Servers' folder. Expand this folder to view 'RADIUS Clients' and 'Remote RADIUS Server' elements within it.

  

• Right click the 'RADIUS client' element and select 'New'. This directs you to a 'New RADIUS Client' Window. In the 'Settings' tab select 'Enable this RADIUS Client'.After that you can fill in the fields- "Friendly Name'' (name of the RADIUS client you're assigning) and the 'IP/DNS Address' of the client. Finally you can set up a shared secret key manually.

  

• In the 'Advanced' tab select the 'Vendor name' associated with your RADIUS client.

• Step 4: Setup NPS Policies for Authentication

Setting up an NPS policy allows you to authenticate a distinct group of remote users against your NPS with various levels of access permissions.

• Under the NPS (Local) tree expand the 'Policies' tab. Under the 'Policies' tab, right click 'Network Policies' and select 'New'.

  

• You can name your policy and leave the 'Type of network access server' as unspecified.

  

• You can then specify rules to allow only users within a particular group (for example- WFH_Users) to be allowed to authenticate against NPS by clicking 'Add' against the 'Windows Groups' option.

  

• Against the 'Client Friendly Name' option, 'Add' the client friendly name of the RADIUS client you had specified earlier.

• On the 'Next' pane select 'Access Granted'.

  

• Step 5: Configure Accounting for NPS

• Open the NPS snap-in.

• In the console tree, click Accounting.

• In the details pane, select Configure Accounting.

  

• Step 6: Enable NPS Audit

To view a history of RADIUS logon failures in the Event Viewer, you need to enable auditing for NPS.

• In the command prompt, you can enable auditing with the following command
  auditpol /set /subcategory:"Network Policy Server" //failure:enable

• If both success and failure events are enabled, the output should be:

System audit policy

Category/Subcategory     Setting

Logon/Logoff

Network Policy Server     Failure

• Step 7: View RADIUS Logons in Event Viewer.

When a user who has been granted remote access, and has been authenticated, the event is recorded in the Event Viewer.

• Open 'Event Viewer' and expand 'Security Logs'. Expand the 'Logon/Logoff' tab and after that expand the 'Network Policy Server' tab.

• • Select 'Filter Current Log' from the right pane and search for the following Event IDs
    1. EventID 6272 - Network Policy Server granted access to a user.
    2. EventID 6273 - Network Policy Server denied access to a user.
    3. EventID 6274 - Network Policy Server discarded the request for a user.
    4. EventID 6275 - Network Policy Server discarded the accounting request for a user.
    5. EventID 6276 - Network Policy Server quarantined a user.
    6. EventID 6277 - Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
    7. EventID 6278 - Network Policy Server granted full access to a user because the host met the defined health policy.
    8. EventID 6279 - Network Policy Server locked the user account due to repeated failed authentication attempts.
    9. EventID 6280 - Network Policy Server unlocked the user account.
  

With this information you can view the entire history of RADIUS logons.