Question regarding RAP in RRAS

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I have a quick question/confirmation regarding Remote Access Policy in RRAS. It is the only software that I've never used for 291, besides that I am pretty solid so I just wanted some hints if I am missing something.

When the RRAS server is on the domain it uses the AD user account to authenticate users where as if the RRAS server was not on the domain it uses the Local SAM to authenticate users. Now there Authentications and Authorizations. Authentications are based on the policy/settings defined for the user where as Authorization is more of a permissions to access a resource, correct?

Now in the Dial-in properties of the user account in AD, there are three options, Deny access, Allow Access and Use Remote Access Policy settings. The Remote Access Policy setting is only available when you raise the domain functional level from mixed mode.

If a user is denied access from the Dial-in properties of the user account... Authentication on RRAS will fail (deny) and the user won't be able to connect. If the user is allowed access then the Authentication will proceed to the server's Remote Access Policy and compare the user access to settings that are configured in RAP. If in the RAP the settings deny access the user will be denied, if allowed the user will be allowed.

All this can become tedious to configure when multiple RRAS servers are implemented. So to have a central administration, we can implement a RADIUS server or an IAS (which is what Microsoft calls it) once we add the clients (RRAS) to IAS all RAP management is done through that server.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I don't think you are missing anything and i am not sure what your question is?

 

Thanks Bluerinse! I know, the way I phrased it is a bit confusing in terms of me asking a question... actually what I wanted to know is if the part about Authentication/Authorization is correct, i.e below