RAS win2k

[techhus]

I like to set up a Romote access server for our remote clients. Basicly the remote clients would dial in to the RAS.
VPN is not an option(we can' get a static ip from our isp)

we already got a domian controller that authenticates users.
Should our RAS also become a second DC or just a member server. If the answer is yes to member server, then how would remote clients be authenticated?

Should the RAS member server be on the same domain as our Domain controller, or can two different domains work?

I basicly asking for the best suggustion on how to make this RAS DAIL IN work.

 

[alicep]

If you want the users to access resources on your domain, then yes, put the RAS computer in the same domain is easiest. The users will need a user account set up in the domain. When, they dial in, the username and password will be authenticated from the domain. RAS does not have to be a domain controller.

Microsoft kb article 300434 HOW TO: Allow Remote Users to Access Your Network in Windows 2000

Good luck. Alice

 

[enigma174]

I've done this at our office. It's actually quite easy. I just set up the RAS as if it were a workstation (except i loaded windows 2000 server), including all the software that would be on a workstation.
Then the only thing you need to do is make sure that terminal services is installed (from add/remove windows components) and when it asks you what mode you want you select, select "Application Server".
You don't need to worry about licensing unless you have win9x boxes connecting, win2k and xp come with their own CALs.
Users then just log in like any other workstation - roaming profiles will work if set up right, but for all intents and purposes the user is sitting in front of the terminal server.

other than that, just make sure that port 3389 on your firewall is forwarding in the right direction and your users know the external ip address of your network.