Send NAS-specific RADIUS attributes to a RADIUS client

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Send NAS-specific RADIUS attributes to a RADIUS client

In this example, the network administrator is managing authorization by using groups. All user accounts have the Remote Access Permission (Dial-in or VPN) option set to Control access through Remote Access Policy.

The network administrator wants to allow dial-up connections for only those user accounts in the DialUpUsers group and send a series of network access server (NAS) attributes that are specific to the Ascend NAS. After remote access permission is set for all user accounts, the administrator completes the following steps:

1. When the NAS is added as a RADIUS client, configure its manufacturer.

   For more information about configuring a RADIUS client for an IAS server, see Add RADIUS clients.

2. Use the New Remote Access Policy Wizard to create a custom policy with the following settings:

   • Policy name: Allow dial-up connections and send attributes to Ascend NAS

   • Conditions: Client-Vendor matches Ascend Communications, Inc.; NAS-Port-Type matches Async (Modem) ; Windows-Groups matches DialUpUsers

   • Permission: Grant remote access permission

   • Profile settings, Advanced tab: Add the appropriate Ascend RADIUS attributes with their correct values.

   For more information, see Add a remote access policy.

3. Delete the default policies.

   For more information, see Delete a remote access policy.