Announcement

Collapse
No announcement yet.

Can you use RAS to authenticate user AND computer account in AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can you use RAS to authenticate user AND computer account in AD

    I have noticed that a few of our users have been dialing in from their home machines using their AD account. Is there a way to setup a remote access policy to allow connectivity after authenticating user AND computer on the domain?

    If I try and add the domain\domain computers into the policy, nobody can dial in and I get an error 649...The account does not have permission to dial in. If I remove the domain computers and just have the domain users, it works fine.

    Can you add into the policy something about also having to be a domain computer? OS is 2003...On the user and computer account, the dial up permission is set to control through remote policy...

    Thanks!

  • #2
    Re: Can you use RAS to authenticate user AND computer account in AD

    You can use L2PT and computer certificate to authenticated computer account.

    Regards,

    Yuval
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: Can you use RAS to authenticate user AND computer account in AD

      Are there any good articles that outline how to use L2TP over PPP to authenticate computer accounts?

      Thanks!

      Comment


      • #4
        Re: Can you use RAS to authenticate user AND computer account in AD

        http://www.microsoft.com/technet/its...n/default.mspx

        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: Can you use RAS to authenticate user AND computer account in AD

          Do I need VPN if users are dialing in directly to the RAS? They are not dialing in to another dialup provider...They are dialing straight into the RAS server.

          Seems like I could just setup certificate authentication for the comptuers...But I'm not sure how to do that...I've tried but I haven't been successful yet.

          Thanks for the reply.

          Comment


          • #6
            Re: Can you use RAS to authenticate user AND computer account in AD

            RRAS is AD-aware. In my situation, my users create a Windows VPN connection to the RRAS server using the internet as the transport medium. The VPN uses the user's AD credentials to log into the RRAS server. Once the users have connected, they are now part of the internal network. Nothing more needs to be done.
            |
            +-- JDMils
            |
            +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
            |

            Comment

            Working...
            X