That is pretty much the same results I have had. My account get authenticated (domain admin) and the other account (user) is denied.
Patrick Fowler, CCSP Network Engineer, Crocs Inc. Extreme Network Associate # 10128 ShoreTel Certified Installer -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of David Schnur Sent: Monday, September 29, 2008 1:34 PM To: InterMapper Discussion Subject: Re: [IM-Talk] RE: Radius Authentication using IMAuth Hi Patrick, I'm not an expert on AD administration, so this may not represent exactly what you want, but I tried this out on a test server here. In AD, I created a new group called 'Test Group', and two test users 'User A' and 'User B'. User A is a member of 'Domain Users' and User B is a member of 'Test Group' (they don't belong to any other groups). Both users are set to 'Allow Access' on the 'Dial-in' tab. Using the IAS management panel, I created a new Remote Access Policy, set to 'Grant', whose only condition was 'Windows-Groups', matching 'Domain Users'. The profile was set to allow only MS-CHAPv2 (didn't try it with MS-CHAPv1 or CHAP). I had to give it ~10 seconds to apply the new policy, but User A was then granted access, while User B was denied. I then edited the policy to match 'Test Group' instead of 'Domain Users'. User A was then being denied while User B was granted access. At least in this very simple test, it seems to work. I can't think of a reason why it would start to deny access after adding a new condition. David Patrick Fowler wrote: > I'm having the issues making the remote access policy. Currently the only > way I got it to work is by using day-time-restrictions in the policy > conditions. I would like to limit access to user groups but when I add a > user group to the policy the authentication doesn't work. How is your policy > setup? -- David Schnur Dartware, LLC http://www.dartware.com ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED] ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED]
