Re: Windows 2003 AD Native and VPN

From: Manjari Bonam [MSFT] (manjarib_at_online.microsoft.com)
Date: 04/20/04

• Next message: Jason Miller: "Re: ipsec service stops?"
• Previous message: Christian Hagemann: "Re: Bizzare & Crazy VPN Troubles"
• In reply to: JD: "Windows 2003 AD Native and VPN"
• Next in thread: JD: "Re: Windows 2003 AD Native and VPN"
• Reply: JD: "Re: Windows 2003 AD Native and VPN"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 20 Apr 2004 16:58:39 +0530

Here your VPN server might be already in the domain and hence it is
validating the domain users.

But if your VPN server is not in the domain, then you need a RADIUS server
to authenticate the domain users. Also if you want to enforce some policies
on the VPN server about the timings/different restrictions on the users
and/or groups etc /Accounting logs and others can be leveraged onlky if you
have a RADIUS but not otherwise.

Hope this is clear.

-- 
- Manjari
This posting is provided "AS IS" with no warranties, and confers no rights.
"JD" <jd@mail.com> wrote in message
news:OWAJUznJEHA.2680@TK2MSFTNGP11.phx.gbl...
> I have two servers:  (1)  Windows 2003 DC (AD/Native)  (2)  Windows 2003
VPN
> Server
>
> Note:  RADIUS is NOT installed, but VPN server is still authenticating
> against DC (the users are not local on VPN server).
>
> I've been reading that you need RADIUS in order to authenticate domain
users
> from the outside, IF the VPN server is separate from the domain
controller.
> However, in my setup, my domain users are connecting to my VPN server and
> authenticating to the DC WITHOUT Radius installed anywhere.
>
> ** Question, why is everyone saying I need RADIUS when my VPN Server
(which
> is part of Windows 2003 AD / Native) is authenticating my domain users
just
> fine?
>
>

---

• Next message: Jason Miller: "Re: ipsec service stops?"
• Previous message: Christian Hagemann: "Re: Bizzare & Crazy VPN Troubles"
• In reply to: JD: "Windows 2003 AD Native and VPN"
• Next in thread: JD: "Re: Windows 2003 AD Native and VPN"
• Reply: JD: "Re: Windows 2003 AD Native and VPN"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Windows 2003 AD Native and VPN ... but VPN server is still authenticating ... I've been reading that you need RADIUS in order to authenticate domain users ... (microsoft.public.isa.vpn) Windows 2003 AD Native and VPN ... but VPN server is still authenticating ... I've been reading that you need RADIUS in order to authenticate domain users ... (microsoft.public.win2000.ras_routing) Re: Windows 2003 AD Native and VPN ... But if your VPN server is not in the domain, then you need a RADIUS server ... to authenticate the domain users. ... > authenticating to the DC WITHOUT Radius installed anywhere. ... (microsoft.public.win2000.ras_routing) Re: Windows 2003 AD Native and VPN ... > But if your VPN server is not in the domain, then you need a RADIUS server ... > to authenticate the domain users. ... > have a RADIUS but not otherwise. ... >> I've been reading that you need RADIUS in order to authenticate domain ... (microsoft.public.isa.vpn) Re: Windows 2003 AD Native and VPN ... > But if your VPN server is not in the domain, then you need a RADIUS server ... > to authenticate the domain users. ... > have a RADIUS but not otherwise. ... >> I've been reading that you need RADIUS in order to authenticate domain ... (microsoft.public.win2000.ras_routing)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.vpn  > 2004-04