Re: IAS authentication for entire domain
From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 01/09/05
- Next message: Sam Salhi [MSFT]: "Re: Microsoft Radius Server"
- Previous message: Sam Salhi [MSFT]: "Re: Cisco PIX and IAS 2003 for VPN"
- In reply to: Jeff Thornburg: "IAS authentication for entire domain"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 8 Jan 2005 18:22:43 -0800
You don't need to add users to a specific group to authenticate them
successfully
All you need is to have your users either be allowed dial in permissions or
controlled by remote access policies (from the dial in tab on the user
object in AD, the default in Native mode domains). This will ensure your
users are allowed access
The group assignment is designed to control access conditionally. Or in
other words: Allow you to match a policy based on group membership. It's not
there to allow or deny access (but effectively if you add that as a
condition and the user doesn't match it or any other policy he is rejected)
Hope this helps
--
=============================================
This posting is provided "AS IS" with no warranties, and confers no rights
=============================================
"Jeff Thornburg" <jeff.thornburg@cpcc.edu> wrote in message
news:142101c4f356$dfe6fa10$a501280a@phx.gbl...
>I have a need to allow all users in a domain to
> authenticate through IAS Remote Access Policy. Can I
> assign an OU or domain to the Remote Access Policy
> instead of a group? I'm trying to eliminate the overhead
> of adding each new user to the specific group
>
> Thanks for your assistance,
>
> Jeff.
- Next message: Sam Salhi [MSFT]: "Re: Microsoft Radius Server"
- Previous message: Sam Salhi [MSFT]: "Re: Cisco PIX and IAS 2003 for VPN"
- In reply to: Jeff Thornburg: "IAS authentication for entire domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
