Windows 2003 AD Native and VPN

[JD]

I have two servers: (1) Windows 2003 DC (AD/Native) (2) Windows 2003 VPN
Server

Note: RADIUS is NOT installed, but VPN server is still authenticating
against DC (the users are not local on VPN server).

I've been reading that you need RADIUS in order to authenticate domain users
from the outside, IF the VPN server is separate from the domain controller.
However, in my setup, my domain users are connecting to my VPN server and
authenticating to the DC WITHOUT Radius installed anywhere.

** Question, why is everyone saying I need RADIUS when my VPN Server (which
is part of Windows 2003 AD / Native) is authenticating my domain users just
fine?

 

[Manjari Bonam [MSFT]]

Here your VPN server might be already in the domain and hence it is
validating the domain users.

But if your VPN server is not in the domain, then you need a RADIUS server
to authenticate the domain users. Also if you want to enforce some policies
on the VPN server about the timings/different restrictions on the users
and/or groups etc /Accounting logs and others can be leveraged onlky if you
have a RADIUS but not otherwise.

Hope this is clear.

 

[JD]

Thank you for clearing that up.

Here your VPN server might be already in the domain and hence it is
validating the domain users.

But if your VPN server is not in the domain, then you need a RADIUS server
to authenticate the domain users. Also if you want to enforce some policies
on the VPN server about the timings/different restrictions on the users
and/or groups etc /Accounting logs and others can be leveraged onlky if you
have a RADIUS but not otherwise.

Hope this is clear.