Re: Conflicting IAS remote access policies problem



You need to define more specific remote access policies.
Group membership is not good enough (especially when you are members of both groups you are triggering on).
Add details to the remote access policy that are more specific.
The way RADIUS works is that you will authenticate based on the *first* matching policy.
For example, to only apply the wireless policy to wireless connections, add the NAS-Port-Type to be Wireless - IEEE 802.11 condition.
Brian


"ttripp" <ttripp@xxxxxxxxxxxxxxxxx> wrote in message news:942d1059-df30-47b0-b1b3-6303a7c3e03a@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
This concerns an IAS RADIUS server. I have a pre-existing IAS remote
access policy that authenticates all wireless users and allows them to
connect to my company's wireless network. I am a member of this
group.

I have created a second policy to allow exec privilege logins to my
Cisco routers. I set the policy to allow anyone who is a member of
the Domain Admins group this right. I am a member of this group as
well.

When the wireless policy is listed first, and I attempt to log in to my
Cisco router, I get an "IAS_INVALID_AUTH_TYPE" error in my IAS log,
but I can connect to my wireless network just fine. If I reverse the
order of the policies, I can log in to the Cisco router just fine, but
then I get the "IAS_INVALID_AUTH_TYPE" error when I connect to my
wireless network.

The logs also show that when the login is failing on the first policy,
it does not fall through to the second policy.

Is there any way around this? I want to stay in both the wireless
users and the Domain Admins groups; can I configure IAS to go down my
list of policies until I either reach one that accepts my login, or
I'm rejected by all policies? Thanks.
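
A simplified model of the first-match evaluation discussed in this thread, added here as an illustration; it is not code from the original posts or from IAS. The group name "Wireless Users", the PEAP and PAP authentication types, and the "Virtual" port type for router logins are assumptions made for the sample requests.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    group: str                 # group-membership condition
    auth_types: set            # authentication methods the policy's profile allows
    nas_port_type: str = None  # optional NAS-Port-Type condition (None = not checked)

    def matches(self, req):
        if self.group not in req["groups"]:
            return False
        return self.nas_port_type in (None, req["nas_port_type"])

def evaluate(policies, req):
    """The first policy whose conditions match decides; a failure there is final."""
    for p in policies:
        if p.matches(req):
            if req["auth_type"] in p.auth_types:
                return ("Access-Accept", p.name)
            return ("Access-Reject: IAS_INVALID_AUTH_TYPE", p.name)
    return ("Access-Reject: no matching policy", None)

# Constructed sample requests for one user who is in both groups (assumed values).
GROUPS = {"Wireless Users", "Domain Admins"}
WIFI = {"groups": GROUPS, "nas_port_type": "Wireless - IEEE 802.11", "auth_type": "PEAP"}
ROUTER = {"groups": GROUPS, "nas_port_type": "Virtual", "auth_type": "PAP"}

def run(policies):
    return {"wifi": evaluate(policies, WIFI)[0], "router": evaluate(policies, ROUTER)[0]}

# Policies that trigger on group membership only, as in the question.
wireless_loose = Policy("Wireless", "Wireless Users", {"PEAP"})
admins_loose = Policy("Router admins", "Domain Admins", {"PAP"})
# Policies with the more specific NAS-Port-Type condition from the reply.
wireless_tight = Policy("Wireless", "Wireless Users", {"PEAP"}, "Wireless - IEEE 802.11")
admins_tight = Policy("Router admins", "Domain Admins", {"PAP"}, "Virtual")

if __name__ == "__main__":
    for order in ([wireless_loose, admins_loose], [admins_loose, wireless_loose],
                  [wireless_tight, admins_loose], [admins_tight, wireless_tight]):
        print([p.name for p in order], run(order))
```

In this model, tightening only the wireless policy works while that policy is listed first; a group-only admin policy placed ahead of it would still capture wireless requests, so each policy needs a condition that distinguishes its connection type for the order not to matter.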
