Discussion:
Radius with child domain
hanaty
2008-11-07 07:16:01 UTC
Hi guys,

Is it possible for me to authenticate ONLY users in the child domain by
installing IAS/RADIUS in the child domain (domain controller) itself?
James McIllece [MS]
2008-11-07 18:53:57 UTC
Yes, that will work.

For NPS to have permission to access user account credentials and dial-in
properties in AD, the NPS server must be registered in AD.

This means that when you install an IAS server, you register the server in
the local domain. IAS will not have permission to access AD in the parent
domain unless you grant that access by registering the IAS server in that
domain.

And you can also configure the IAS server to proxy/forward connection
requests from other domains to the correct IAS servers, if you have the
need to do that.
--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
hanaty
2008-11-16 12:11:01 UTC
Dear James,
Thank you for your explanations :) Actually I tried to authenticate my
wireless users against the child domain AD (PEAP-MSCHAPv2) - but no luck. So what
I did was install IAS/RADIUS on one of the parent domain DCs, install an
Enterprise CA and register IAS in both the parent and child domain AD. In IAS, I
added some policy to authenticate only child domain users. It works
perfectly!! I'm using Windows Server 2003. Many thanks!!
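
The registration step discussed in this thread, shown as an added example that is not part of any post: registering one IAS server in both the parent and the child domain from the command line with `netsh ras`. Registration adds the server's computer account to that domain's "RAS and IAS Servers" group, which is what lets it read account credentials and dial-in properties there. The server name and domain names below are constructed placeholders.

```bat
@echo off
rem Added example, not from the thread.
rem IAS01, corp.example.com and child.corp.example.com are constructed
rem placeholders; substitute your own IAS server and domain names.
rem Run from an account with administrative rights in each listed domain.
setlocal
set IAS_SERVER=IAS01
set DOMAINS=corp.example.com child.corp.example.com

for %%D in (%DOMAINS%) do (
    echo Registering %IAS_SERVER% in %%D
    rem Register the server in this domain's Active Directory.
    netsh ras add registeredserver domain=%%D server=%IAS_SERVER%
    rem Read the registration state back so a failed registration is visible.
    netsh ras show registeredserver domain=%%D server=%IAS_SERVER%
)
endlocal
```

Register the server only in the domains whose accounts it actually needs to authenticate; each registration grants it read access to user account properties in that domain.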