VPN not in domain authenticating with IAS

S

Sarah

I set up a test site and got a client to dial up and use L2TP to connect to
a VPN Server that connected to an IAS server that connected to a DC (Active
Directory) and authenticated the client machine.

Question: Does the VPN server have to be a member of the IAS servers docain.
When i removed it from the domain, i could no longer authenticate. I get
error 792.

Any help/advice appreciated.

Thanks
Sarah
 
B

Bill Grant

Well the answer is yes and no! If you want to authenticate to Active
Directory and use the AD remote access policy, the RRAS server must be a
member of the AD RAS and IAS servers group. The DC on AD does the actual
authentication (similar to RADIUS).

If the RRAS server is not a member, the client will have to authenticate
to the
local SAM database of the RRAS server.
 
S

Sarah

Thanks Bill,
this is what I thought, but I wanted to double check and make sure I hadn't
missed anything.

Sarah
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IAS Server Event ID 3 Reason Code 6 Reason= The server is unavail 1
VPN server talking to ISA server in order to authenticate on the internal LAN 2
VPN server without domain controller 0
IAS and NT4 domain 1
Can not authenticate 2
VPN / RADIUS question 1
Non-domain Cert-based 802.1x using IAS 3
RADIUS and IAS with VPN 5

Top