Hey all, anyone have experience with one Microsoft IAS server handling two types of access? Mainly PPP and Login, and keeping the Login to a select group? Here's my scenario and then my issue.
Scenario: Want to allow high-end users privileged login access to a large volume of routers and want IAS RADIUS to handle authentication (have about 120 routers). Also have a PIX and a dial-in gateway in which I need to provide PPP access to remote users to dial into the network. I do not want PPP users to gain privileged access to log in to the routers, but I do want login router users to gain PPP access into the network. So effectively the router users will have both PPP and Login to administer the routers, and the PPP users will just get remote access to the network via dial-in or VPN. We are using IAS on Windows 2K3 in Mixed Mode on a DC.
Issue: RADIUS for Login is working and PPP for Login is working. The issue is my PPP users are given access to privileged login to the routers (big problem). I set up some Remote Access policies, setting up a group for Router Login and a group for PPP access, but when I deny the PPP access group it denies them from authenticating for dial-up network access (the other problem).
I understand that you can edit the profile to tweak some services to enable 1 IAS server to effectively determine access for two types of service without compromising the router security.