That helped a lot. I got it working. Thanks. Patrick Fowler, CCSP Network Engineer, Crocs Inc. Extreme Network Associate # 10128 ShoreTel Certified Installer
-----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Manickaraja Arumugam Sent: Tuesday, September 30, 2008 12:16 AM To: InterMapper Discussion Subject: RE: [IM-Talk] RE: Radius Authentication using IMAuth HI Patrick, In My setup Multiple user belonging to the Assigned group able to login simultaneously. I have used the below policy conditions. 1. Windows Group "AD user Group" 2. Authentication type "MS-CHAPv1" 3. NAS-IP address "X.x.x.x" - IP Address of the InterMapper Server (IMDC). In Edit Profile TAB 1. Authentication - Enabled the MS-CHAP1 2. In Advanced - Framed Protocol -> PPP and Service Type -> Authenticate Only. 3. dial-in constrains - I have not enabled any options. IMDC server configuration also am using only MS-CHAPv1. Hope this solves your problem. Regards Manicka Raja Arumugam A R I C E N T -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Fowler Sent: Tuesday, September 30, 2008 1:27 AM To: InterMapper Discussion Subject: RE: [IM-Talk] RE: Radius Authentication using IMAuth That is pretty much the same results I have had. My account get authenticated (domain admin) and the other account (user) is denied. Patrick Fowler, CCSP Network Engineer, Crocs Inc. Extreme Network Associate # 10128 ShoreTel Certified Installer -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of David Schnur Sent: Monday, September 29, 2008 1:34 PM To: InterMapper Discussion Subject: Re: [IM-Talk] RE: Radius Authentication using IMAuth Hi Patrick, I'm not an expert on AD administration, so this may not represent exactly what you want, but I tried this out on a test server here. In AD, I created a new group called 'Test Group', and two test users 'User A' and 'User B'. User A is a member of 'Domain Users' and User B is a member of 'Test Group' (they don't belong to any other groups). Both users are set to 'Allow Access' on the 'Dial-in' tab. Using the IAS management panel, I created a new Remote Access Policy, set to 'Grant', whose only condition was 'Windows-Groups', matching 'Domain Users'. The profile was set to allow only MS-CHAPv2 (didn't try it with MS-CHAPv1 or CHAP). I had to give it ~10 seconds to apply the new policy, but User A was then granted access, while User B was denied. I then edited the policy to match 'Test Group' instead of 'Domain Users'. User A was then being denied while User B was granted access. At least in this very simple test, it seems to work. I can't think of a reason why it would start to deny access after adding a new condition. David Patrick Fowler wrote: > I'm having the issues making the remote access policy. Currently the only > way I got it to work is by using day-time-restrictions in the policy > conditions. I would like to limit access to user groups but when I add a > user group to the policy the authentication doesn't work. How is your policy > setup? -- David Schnur Dartware, LLC http://www.dartware.com ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED] ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED] "DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error,please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus." ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED] ____________________________________________________________________ List archives: http://www.mail-archive.com/intermapper-talk%40list.dartware.com/ To unsubscribe: send email to: [EMAIL PROTECTED]
