IAS RADIUS server in root domain servicing RRAS clients in subdomains

[eddiec]

According to Transcender (Exam 70-297) you can have an IAS RADIUS server in
a root domain servicing RRAS clients in subdomains.

Specifically, the scenario is that you have a head office and other branch
offices that are subdomains of the head office domains. RRAS servers exist
in all branch offices. The business objective is that RRAS servers should be
administrered by local IT staff but RRAS policy should be determined
centrally in the head office. The correct Transcender solution is to place
an IAS server in the head office that will act as a RADIUS server for the
various RRAS servers.

The problem that I have with this is that I do not understand how the RADIUS
server in the head office (root domain) is going to access the Active
Directory account information for users dialling in to the local office
subdomain? How can this server authenticate users in a different domain?

Any assistance would be much appreciated.

TIA

eddiec

 

[Srinidhi Viswanatha [MSFT]]

The RADIUS server in the head office is not going to authenticate users of a
different domain...only local users of the radius server and users of the
domain to which the radius server belongs get access.

 

[Srinidhi Viswanatha [MSFT]]

authentication of remote dial-in users from another domain is possible only
if the Radius server's domain trusts the user's domain.

--
Thanks
Srinidhi

This posting is provided "AS IS" with no warranties and confers no rights.

 

[eddiec]

Aha, but the parent domain by default in AD establishes a two way trust with
the child domain so therefore Transcender are right that the RADIUS server
in the root domain would authenticate users in the regional offices.

eddiec