Configuring Roles » History » Version 2
Luke Murphey, 07/27/2012 04:06 PM
| 1 | 1 | Luke Murphey | h1. Configuring Roles |
|---|---|---|---|
| 2 | 1 | Luke Murphey | |
| 3 | 2 | Luke Murphey | By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute with a name of "Vendor Specific":http://technet.microsoft.com/en-us/library/cc958030.aspx#XSLTsection133121120120 with a vendor code of "RADIUS standard" containing a string (Vendor-Id of zero, Vendor-type of zero). The string ought to contain a colon separated list of roles (like "admin:can_delete"). Below are instructions for configuring IAS: |
| 4 | 1 | Luke Murphey | |
| 5 | 1 | Luke Murphey | h2. Open the IAS MMC Snap-In |
| 6 | 1 | Luke Murphey | |
| 7 | 1 | Luke Murphey | Start the "mmc" |
| 8 | 1 | Luke Murphey | |
| 9 | 1 | Luke Murphey | !Open_mmc_snap_in.png! |
| 10 | 1 | Luke Murphey | |
| 11 | 1 | Luke Murphey | h2. Open the Remote Access Policy |
| 12 | 1 | Luke Murphey | |
| 13 | 1 | Luke Murphey | Selected "Remote Access Policies" and open the appropriate policy. |
| 14 | 1 | Luke Murphey | |
| 15 | 1 | Luke Murphey | !Select_policy.png! |
| 16 | 1 | Luke Murphey | |
| 17 | 1 | Luke Murphey | h2. Create a New Attribute |
| 18 | 1 | Luke Murphey | |
| 19 | 1 | Luke Murphey | Create a new attribute with a value of "Vendor-Specific" and a vendor of "RADIUS Standard". |
| 20 | 1 | Luke Murphey | |
| 21 | 1 | Luke Murphey | !Select_attribute.png! |
| 22 | 1 | Luke Murphey | |
| 23 | 1 | Luke Murphey | Select a format of string and set the value to a colon separated list of roles. |
| 24 | 1 | Luke Murphey | |
| 25 | 1 | Luke Murphey | !Edit_attribute.png! |
| 26 | 1 | Luke Murphey | |
| 27 | 1 | Luke Murphey | The created attribute should look something like this: |
| 28 | 1 | Luke Murphey | |
| 29 | 1 | Luke Murphey | !List_attributes.png! |