Hi Patrick,
I'm not an expert on AD administration, so this may not represent
exactly what you want, but I tried this out on a test server here. In
AD, I created a new group called 'Test Group', and two test users 'User
A' and 'User B'. User A is a member of 'Domain Users' and User B is a
member of 'Test Group' (they don't belong to any other groups). Both
users are set to 'Allow Access' on the 'Dial-in' tab.
Using the IAS management panel, I created a new Remote Access Policy,
set to 'Grant', whose only condition was 'Windows-Groups', matching
'Domain Users'. The profile was set to allow only MS-CHAPv2 (didn't try
it with MS-CHAPv1 or CHAP). I had to give it ~10 seconds to apply the
new policy, but User A was then granted access, while User B was denied.
I then edited the policy to match 'Test Group' instead of 'Domain
Users'. User A was then being denied while User B was granted access.
At least in this very simple test, it seems to work. I can't think of a
reason why it would start to deny access after adding a new condition.
David
Patrick Fowler wrote:
I'm having the issues making the remote access policy. Currently the only way
I got it to work is by using day-time-restrictions in the policy conditions. I
would like to limit access to user groups but when I add a user group to the
policy the authentication doesn't work. How is your policy setup?
--
David Schnur
Dartware, LLC
http://www.dartware.com
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
