1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question regarding RAP in RRAS

Discussion in 'Training & Development' started by Theprof, Sep 22, 2010.

  1. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    I have a quick question/confirmation regarding Remote Access Policy in RRAS. It is the only software that I've never used for 291, besides that I am pretty solid so I just wanted some hints if I am missing something.

    When the RRAS server is on the domain it uses the AD user account to authenticate users where as if the RRAS server was not on the domain it uses the Local SAM to authenticate users. Now there Authentications and Authorizations. Authentications are based on the policy/settings defined for the user where as Authorization is more of a permissions to access a resource, correct?

    Now in the Dial-in properties of the user account in AD, there are three options, Deny access, Allow Access and Use Remote Access Policy settings. The Remote Access Policy setting is only available when you raise the domain functional level from mixed mode.

    If a user is denied access from the Dial-in properties of the user account... Authentication on RRAS will fail (deny) and the user won't be able to connect. If the user is allowed access then the Authentication will proceed to the server's Remote Access Policy and compare the user access to settings that are configured in RAP. If in the RAP the settings deny access the user will be denied, if allowed the user will be allowed.

    All this can become tedious to configure when multiple RRAS servers are implemented. So to have a central administration, we can implement a RADIUS server or an IAS (which is what Microsoft calls it) once we add the clients (RRAS) to IAS all RAP management is done through that server.
     
    Last edited: Sep 22, 2010
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I don't think you are missing anything and i am not sure what your question is? :rolleyes:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Thanks Bluerinse! I know, the way I phrased it is a bit confusing in terms of me asking a question... actually what I wanted to know is if the part about Authentication/Authorization is correct, i.e below


     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA

Share This Page

Loading...