Configuring Roles » History » Version 2
Version 1 (Luke Murphey, 05/15/2012 06:33 AM) → Version 2/10 (Luke Murphey, 07/27/2012 04:06 PM)
h1. Configuring Roles
By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute with a name of "Vendor Specific":http://technet.microsoft.com/en-us/library/cc958030.aspx#XSLTsection133121120120 Specific" with a vendor code of "RADIUS standard" containing a string (Vendor-Id of zero, Vendor-type of zero). string. The string ought to contain a colon separated list of roles (like "admin:can_delete"). Below are instructions for configuring IAS:
h2. Open the IAS MMC Snap-In
Start the "mmc"
!Open_mmc_snap_in.png!
h2. Open the Remote Access Policy
Selected "Remote Access Policies" and open the appropriate policy.
!Select_policy.png!
h2. Create a New Attribute
Create a new attribute with a value of "Vendor-Specific" and a vendor of "RADIUS Standard".
!Select_attribute.png!
Select a format of string and set the value to a colon separated list of roles.
!Edit_attribute.png!
The created attribute should look something like this:
!List_attributes.png!
By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor specific attribute with a name of "Vendor Specific":http://technet.microsoft.com/en-us/library/cc958030.aspx#XSLTsection133121120120 Specific" with a vendor code of "RADIUS standard" containing a string (Vendor-Id of zero, Vendor-type of zero). string. The string ought to contain a colon separated list of roles (like "admin:can_delete"). Below are instructions for configuring IAS:
h2. Open the IAS MMC Snap-In
Start the "mmc"
!Open_mmc_snap_in.png!
h2. Open the Remote Access Policy
Selected "Remote Access Policies" and open the appropriate policy.
!Select_policy.png!
h2. Create a New Attribute
Create a new attribute with a value of "Vendor-Specific" and a vendor of "RADIUS Standard".
!Select_attribute.png!
Select a format of string and set the value to a colon separated list of roles.
!Edit_attribute.png!
The created attribute should look something like this:
!List_attributes.png!