Posted by ttripp on February 15, 2008, 8:58 am
> You need to define more specific remote access policies.
> Group membership is not good enough (especially when you are members of both
> groups you are triggering on).
> Add details to the remote access policy that are more specific.
> The way RADIUS works is that you will authenticate based on the *first*
> matching policy.
> For example, to only apply the wireless policy to wireless connections, add
> the NAS-Port-Type to be Wireless - IEEE 802.11 condition
> Brian
>
> > This concerns an IAS RADIUS server. I have a pre-existing IAS remote
> > access policy that authenticates all wireless users and allows them to
> > connect to my company's wireless network. I am a member of this
> > group.
>
> > I have created a second policy to allow exec privilege logins to my
> > Cisco routers. I set the policy to allow anyone who is a member of
> > the Domain Admins group this right. I am a member of this group as
> > well.
>
> > When the wireless policy is listed first, and I attempt to login to my
> > Cisco router, I get an "IAS_INVALID_AUTH_TYPE" error in my IAS log,
> > but I can connect to my wireless network just fine. If I reverse the
> > order of the policies, I can log in to the Cisco router just fine, but
> > then I get the "IAS_INVALID_AUTH_TYPE" error when I connect to my
> > wireless network.
>
> > The logs also show that when the login is failing on the first policy,
> > it does not fall through to the second policy.
>
> > Is there any way around this? I want to stay in both the wireless
> > users and the Domain Admins groups; can I configure IAS to go down my
> > list of policies until I either reach one that accepts my login, or
> > I'm rejected by all policies? Thanks.
Thanks. I was afraid I was going to have to set up a separate IAS
server just to handle the routers.
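
The first-match behaviour discussed in this thread, as an added example that is not from either poster and is not IAS code: a toy model showing why group-only conditions fail in both orderings and why a NAS-Port-Type condition on each policy removes the dependence on order. The "Wireless Users" group name, the PEAP/PAP methods and the "Virtual" port type for router logins are assumptions made for the illustration.

```python
# Toy model of first-match policy evaluation as described in the thread.
# Group names, auth methods and the "Virtual" port type are constructed/assumed.

def in_group(group):
    return lambda req: group in req["groups"]

def nas_port_type(value):
    return lambda req: req["nas_port_type"] == value

def evaluate(policies, request):
    """Only the first policy whose conditions all match is consulted;
    if its profile refuses the auth method, the request is rejected there."""
    for name, conditions, allowed_auth in policies:
        if all(cond(request) for cond in conditions):
            if request["auth_type"] in allowed_auth:
                return f"{name}: Access-Accept"
            return f"{name}: Access-Reject (IAS_INVALID_AUTH_TYPE)"
    return "Access-Reject (no matching policy)"

GROUPS = {"Wireless Users", "Domain Admins"}  # one user in both groups
REQUESTS = {  # constructed sample requests
    "wifi": {"groups": GROUPS, "auth_type": "PEAP",
             "nas_port_type": "Wireless - IEEE 802.11"},
    "router": {"groups": GROUPS, "auth_type": "PAP",
               "nas_port_type": "Virtual"},
}

# Policies that match on group membership only (the failing setup).
WIFI_GROUP_ONLY = ("Wireless", [in_group("Wireless Users")], {"PEAP"})
ROUTER_GROUP_ONLY = ("Router", [in_group("Domain Admins")], {"PAP"})

# Same policies with a NAS-Port-Type condition added to each.
WIFI_SPECIFIC = ("Wireless", [in_group("Wireless Users"),
                              nas_port_type("Wireless - IEEE 802.11")], {"PEAP"})
ROUTER_SPECIFIC = ("Router", [in_group("Domain Admins"),
                              nas_port_type("Virtual")], {"PAP"})

def outcomes(policies):
    """Evaluate both sample requests against an ordered policy list."""
    return {kind: evaluate(policies, req) for kind, req in REQUESTS.items()}

if __name__ == "__main__":
    for label, policies in [
        ("group only, wireless first", [WIFI_GROUP_ONLY, ROUTER_GROUP_ONLY]),
        ("group only, router first", [ROUTER_GROUP_ONLY, WIFI_GROUP_ONLY]),
        ("specific, wireless first", [WIFI_SPECIFIC, ROUTER_SPECIFIC]),
        ("specific, router first", [ROUTER_SPECIFIC, WIFI_SPECIFIC]),
    ]:
        print(label, outcomes(policies))
```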