Re: IAS
From: Stefan Buchman (stefan2002b_at_yahoo.com)
Date: 04/07/04
- Next message: Cary Shultz [A.D. MVP]: "Re: Blocking a group of users from logging onto a wkstn."
- Previous message: Stefan Buchman: "Re: Windows 2000 and Access Database"
- In reply to: AJD: "IAS"
- Messages sorted by: [ date ] [ thread ]
Date: 7 Apr 2004 15:27:56 -0700
You should be able to create these logins in AD and then lock them
down through Group Policy denying them the 'Log in Interactively'
right. This will allow RADIUS to verify the credentials but the users
will be unable to login to a workstation that is a member of the
domain.
- Stefan
"AJD" <anonymous@discussions.microsoft.com> wrote in message news:<16a6901c41cab$23ebd560$a601280a@phx.gbl>...
> I'm thinking of implementing a W2K RADIUS server for our
> VPN users. I understand that the VPN server can then
> authenticate against this RADIUS server. I'd like to
> have it authenticate against active directory; however,
> some of my VPN users won't necessarily be network users.
> Therefore, yes I want to create VPN logins in AD, but I
> don't want them to have access to other network
> resources. Is there a way to create users in AD that
> can't login to the domain, but I can still authenticate
> using RADIUS?
>
> any input would be appreciated.
- Next message: Cary Shultz [A.D. MVP]: "Re: Blocking a group of users from logging onto a wkstn."
- Previous message: Stefan Buchman: "Re: Windows 2000 and Access Database"
- In reply to: AJD: "IAS"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
