Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Dial-Up using IAS

Status
Not open for further replies.
vianceadmin

vianceadmin

MIS
May 1, 2007
16
US
Strange issue. I have a Windows 2003 server with RAS and IAS installed. IAS to authenticate VPN and wireless connections and RAS to authenticate dial-up connections. When both are installed, all the remote access policies show up in both apps.

I have the VPN policy as the first policy, the wireless policy as the second and the dial-up as the third. VPN and wireless work but dial-up does not. I get a message about "The user attempted to use an authentication method that is not enabled on the matching remote access policy."

If I move the dial-up policy up to number one in the order it works...Shouldn't it just check the first policy for a match, if no match, check the second, and if no match, check the third and the third works then allow the connection? Any ideas?

Thanks in advance!!!
 
Sort by date Sort by votes
yes on the order, but, the most restrictive should be at the top.....dial-in would probably match this.
do your other rules continue to work when moving dial up to the top?

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 
Upvote 0 Downvote
Most restrictive? How do I know which policy is most restrictive?

When I moved the dial-up policy to the top, the VPN and wireless policies didn't work.

I moved the dial-up policy to the 2nd spot under VPN and above wireless and they all seem to work now for some strange reason. This used to work with dial-up last...

 
Upvote 0 Downvote
how are your remote access policies set up? are you restricting by group?

if you are, my thought is, then the groups must be catch alls (such as authenticed users, or domain users) that contain all user accounts. IAS and RRAS aren't intelligent enough to read through all policies once a condition is met. When that condition is met, no further policies are read.
What this means is that if you restrict by group on all RAPs, and use domain users, since all users are members of the domain users group, they hit the first policy and stop.



-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+

 
Upvote 0 Downvote
Yes, I have a Wireless group, a dial-up group and a VPN group in AD...Which in actuality are three identical groups so I could probably just have 1 group and create 1 VPN/wireless/dialup policy in IAS for this one group...

But it works as is. There might be a time where I would want a separate group for wireless or the VPN group might have someone that the dialup group doesn't.

Didn't know that about the most restrictive groups though so I'll keep that in mind.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sue Adams
  • Locked
  • Question
Setting up a VPN to print documents to work printer in one city from home
Replies
2
Views
178
goombawaho
goombawaho
peterpann
  • Locked
  • Question
dial-up modem broadband
Replies
0
Views
54
peterpann
peterpann
3000gt
  • Locked
  • Question
Can Procomm Plus be used to dial in to a PBX without a POTS line?
Replies
2
Views
141
edfair
edfair
grazzhoppa
  • Locked
  • Question
Having trouble setting up my VPN
Replies
2
Views
89
questorfla
questorfla
henllys
  • Locked
  • Question
How to set up remote access to a heatmeiser wifi programmable thermost
Replies
2
Views
60
henllys
henllys

Part and Inventory Search

Sponsor

Back
Top