次の方法で共有


Send NAS-specific RADIUS attributes to a RADIUS client

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Send NAS-specific RADIUS attributes to a RADIUS client

In this example, the network administrator is managing authorization by using groups. All user accounts have the Remote Access Permission (Dial-in or VPN) option set to Control access through Remote Access Policy.

The network administrator wants to allow dial-up connections for only those user accounts in the DialUpUsers group and send a series of network access server (NAS) attributes that are specific to the Ascend NAS. After remote access permission is set for all user accounts, the administrator completes the following steps:

  1. When the NAS is added as a RADIUS client, configure its manufacturer.

    For more information about configuring a RADIUS client for an IAS server, see Add RADIUS clients.

  2. Use the New Remote Access Policy Wizard to create a custom policy with the following settings:

    • Policy name: Allow dial-up connections and send attributes to Ascend NAS

    • Conditions: Client-Vendor matches Ascend Communications, Inc.; NAS-Port-Type matches Async (Modem) ; Windows-Groups matches DialUpUsers

    • Permission: Grant remote access permission

    • Profile settings, Advanced tab: Add the appropriate Ascend RADIUS attributes with their correct values.

    For more information, see Add a remote access policy.

  3. Delete the default policies.

    For more information, see Delete a remote access policy.