Re: RAS Policy on Win 2000 AD
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 05/14/04
- Next message: Bill Grant: "Re: VPN and static routes re-visited"
- Previous message: jenson: "changing the default routing"
- In reply to: Michael D. Ober: "Re: RAS Policy on Win 2000 AD"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 14 May 2004 01:39:35 GMT
Ok. Glad you got it to work, but I think you pretty much discovered the same thing I
believe where you edit the Remote Access Policy "specify conditions to match" on the
IAS server and select add/Windows groups. If there was a different way let me know as
I am curious what else would work. --- Steve
"Michael D. Ober" <obermd-.@.-alum-mit-edu-nospam> wrote in message
news:SuOoc.27$ec6.32738@news.uswest.net...
> Thanks, I downloaded this document and started reading it. After a couple
> of pages, I realized that this didn't answer my actual question of how to
> use AD Security Groups to control remote access, so I went back to the IAS
> MMC interface and started poking around the policies. I discoverd a policy
> option that uses AD Security Group membership to permit or deny access.
> This is the match I needed. Created a new security group with my remote
> users as members and then configured both my IAS servers to use this group
> to permit. Tested with one of our remote users and everything worked
> perfectly. Made the same change to my backup IAS server.
>
> Mike.
>
> "Steven L Umbach" <sumbach@N0spam.ameritech.net> wrote in message
> news:eJPmBPHOEHA.556@tk2msftngp13.phx.gbl...
> > Hi Mike.
> >
> > I believe the IAS server needs to be a member of the domain in which case
> > you create the security group in Active Directory Users and Computers and
> > then use that group in your Remore Access Policy on the IAS server by
> > selecting add and then Windows groups [of course you need to add
> appropriate
> > users and maybe computers to the group]. The link below to an excellent
> > white paper from MS on 802.1X deployment in a lab may be helpful as it
> goes
> > into detail about what you are asking about in a step by step
> shion. ---
> > Steve
> >
> >
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&DisplayLang=en
> > http://tinyurl.com/vz3l -- same link in case of wrap
> >
> > "Michael D. Ober" <obermd-.@.-alum-mit-edu-nospam> wrote in message
> > news:OY9mOnDOEHA.3012@tk2msftngp13.phx.gbl...
> > > I have an IAS server working as a Radius server that is registered in
> AD.
> > > How do I create a Security Group that has "Dial-In" access and then
> > publish
> > > this group to my IAS Server?
> > >
> > > Thanks,
> > > Mike Ober.
> > >
> > >
> >
> >
>
>
- Next message: Bill Grant: "Re: VPN and static routes re-visited"
- Previous message: jenson: "changing the default routing"
- In reply to: Michael D. Ober: "Re: RAS Policy on Win 2000 AD"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
