Conflicting IAS remote access policies problem
- From: ttripp <ttripp@xxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Feb 2008 11:19:06 -0800 (PST)
This concerns a IAS RADIUS server. I have a pre-existing IAS remote
access policy that authenticates all wireless users and allows them to
connect to my companies wireless network. I am a member of this
group.
I have created a second policy to allow exec priviledge logins to my
Cisco routers. I set the policy to allow anyone who is a member of
the Domain Admins group this right. I am a member of this group as
well.
When the wireless policy is listed first, and I attempt to login to my
Cisco router, I get an "IAS_INVALID_AUTH_TYPE" error in my IAS log,
but I can connect to my wireless network just fine. If I reverse the
order of the policies, I can log in to the Cisco router just fine, but
then I get the "IAS_INVALID_AUTH_TYPE" error when I connect to my
wireless network.
The logs also show that when the login is failing on the first policy,
it does not fall through to the second policy.
Is there any way around this? I want to stay in both the wireless
users and the Domain Admins groups; can I configure IAS to go down my
list of policies until I either reach one that accepts my login, or
I'm rejected by all policies? Thanks.
.
- Follow-Ups:
- Re: Conflicting IAS remote access policies problem
- From: Brian Komar
- Re: Conflicting IAS remote access policies problem
- Prev by Date: Re: in defender: why is there no 'always allow' status
- Next by Date: Re: in defender: why is there no 'always allow' status
- Previous by thread: Re: in defender: why is there no 'always allow' status
- Next by thread: Re: Conflicting IAS remote access policies problem
- Index(es):
Relevant Pages
|
