Microsoft RADIUS Dial-In Remote Access Allow

A common problem with Microsoft RADIUS (NPS) user authentication is a pesky little setting within each user profile in Active Directory. While logged in as a Domain Admin, open the user properties within Active Directory and select the Dial-In tab. The first section is named “Network Access Permission.” To allow the user to authenticate through Microsoft RADIUS/NPS, select the “Allow access” option and then “OK” to save the changes. Wait the appropriate amount of time for the change to replicate to all domain controllers, or force the replication with the “repadmin” command. For a screenshot of this Dial-In tab and other related items, see the following Microsoft Networking Blog article. This setting applies to all RADIUS clients, including Wi-Fi and VPN users.

While it may be possible to set up your NPS policies to ignore this setting, in practice it is just safer and more reliable to set every Wi-Fi/VPN user to “Allow access” on the Active Directory Dial-In tab. The NPS policies will still enforce other restrictions, such as which domain groups are permitted.
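To check this setting across many accounts instead of opening each user's Dial-In tab, the following script reports the state for every member of a group and can optionally set it to “Allow access”. It is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, and `VPN-Users` is a hypothetical group name.

```powershell
# Added example: audit (and optionally fix) the Dial-In "Network Access Permission"
# for all user members of a group. Requires the RSAT ActiveDirectory module.
# 'VPN-Users' is a hypothetical group name; substitute your own.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName = 'VPN-Users',
    [switch]$Fix
)

Import-Module ActiveDirectory -ErrorAction Stop

# The msNPAllowDialin attribute backs the Dial-In tab radio buttons:
#   $true  -> "Allow access"
#   $false -> "Deny access"
#   unset  -> "Control access through NPS Network Policy"
function Get-DialInState {
    param($Value)
    if ($null -eq $Value) { return 'ControlledByNpsPolicy' }
    if ($Value)           { return 'Allow' }
    return 'Deny'
}

# Expand nested groups and keep only user objects.
$users = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object objectClass -eq 'user' |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties msNPAllowDialin, Enabled }

$report = foreach ($u in $users) {
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Enabled        = $u.Enabled
        DialIn         = Get-DialInState $u.msNPAllowDialin
        DN             = $u.DistinguishedName
    }
}

$report | Sort-Object DialIn, SamAccountName |
    Format-Table SamAccountName, Enabled, DialIn -AutoSize

# With -Fix, set "Allow access" only on enabled accounts that are not already allowed.
if ($Fix) {
    foreach ($r in $report | Where-Object { $_.Enabled -and $_.DialIn -ne 'Allow' }) {
        if ($PSCmdlet.ShouldProcess($r.SamAccountName, 'Set msNPAllowDialin to TRUE')) {
            Set-ADUser -Identity $r.DN -Replace @{ msNPAllowDialin = $true }
        }
    }
}
```

Saved as a script file, running it with `-Fix -WhatIf` lists the accounts that would be changed without modifying them. Any change still has to replicate to all domain controllers before NPS sees it.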

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Networking, System Administration.