VPN not in domain authenticating with IAS


Sarah

I set up a test site and got a client to dial up and use L2TP to connect to
a VPN Server that connected to an IAS server that connected to a DC (Active
Directory) and authenticated the client machine.

Question: Does the VPN server have to be a member of the IAS server's domain?
When I removed it from the domain, I could no longer authenticate. I get
error 792.

Any help/advice appreciated.

Thanks
Sarah
 
Well the answer is yes and no! If you want to authenticate to Active
Directory and use the AD remote access policy, the RRAS server must be a
member of the AD RAS and IAS servers group. The DC on AD does the actual
authentication (similar to RADIUS).

If the RRAS server is not a member, the client will have to authenticate
to the local SAM database of the RRAS server.
 
Thanks Bill,
this is what I thought, but I wanted to double check and make sure I hadn't
missed anything.

Sarah
 