Version 2 (Luke Murphey, 07/27/2012 04:06 PM) → Version 3/10 (Luke Murphey, 08/12/2012 06:26 AM)
h1. Configuring Roles
By default, successfully authenticated users are assigned the "user" role. However, this can be overridden by creating a vendor-specific attribute. The attribute should be a "Vendor Specific":http://technet.microsoft.com/en-us/library/cc958030.aspx#XSLTsection133121120120 attribute with a vendor code of "RADIUS standard" (Vendor-Id of zero, Vendor-type of zero) containing a string. The string ought to contain a colon- or comma-separated list of roles (like "admin:can_delete"). Re-run setup on the RADIUS auth app and configure the app to use the vendor code and vendor attribute ID you defined.
Below are instructions for configuring IAS:
h2. Open the IAS MMC Snap-In
Start "mmc".
!Open_mmc_snap_in.png!
h2. Open the Remote Access Policy
Select "Remote Access Policies" and open the appropriate policy.
!Select_policy.png!
h2. Create a New Attribute
Create a new attribute with a value of "Vendor-Specific" and a vendor of "RADIUS Standard".
!Select_attribute.png!
Select a format of string and set the value to a colon-separated list of roles.
!Edit_attribute.png!
The created attribute should look something like this:
!List_attributes.png!
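To check what a client receives from the attribute configured above, the following added example (not code from the RADIUS auth app) extracts the role list from the attribute section of a RADIUS reply. It assumes the RFC 2865 recommended Vendor-Specific layout (Vendor-Id, vendor type, vendor length, string), accepts either separator, and falls back to "user" when no matching attribute is present; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for Vendor-Specific (RFC 2865)
DEFAULT_ROLES = ["user"]  # default role for authenticated users, per this page


def iter_attributes(buf):
    """Yield (type, value) for each type-length-value attribute in buf."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError("bad attribute length")
        yield attr_type, buf[pos + 2:pos + length]
        pos += length


def roles_from_attributes(buf, vendor_id=0, vendor_type=0):
    """Return the roles carried in the matching Vendor-Specific attribute."""
    for attr_type, value in iter_attributes(buf):
        if attr_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vid, vtype, vlen = struct.unpack("!IBB", value[:6])
        if (vid, vtype) != (vendor_id, vendor_type):
            continue  # some other vendor's attribute, ignore it
        if vlen < 2 or vlen > len(value) - 4:
            raise ValueError("bad vendor sub-attribute length")
        text = value[6:4 + vlen].decode("utf-8", "replace")
        # Accept colon or comma as separator and drop empty entries.
        roles = [r.strip() for r in text.replace(",", ":").split(":")]
        roles = [r for r in roles if r]
        if roles:
            return roles
    return list(DEFAULT_ROLES)  # assumption: no usable attribute means default


def make_vsa(vendor_id, vendor_type, text):
    """Build a Vendor-Specific attribute (helper for the constructed samples)."""
    data = text.encode("utf-8")
    body = struct.pack("!IBB", vendor_id, vendor_type, len(data) + 2) + data
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


# Constructed sample: a Reply-Message (type 18) followed by the role attribute.
SAMPLE = bytes([18, 4]) + b"ok" + make_vsa(0, 0, "admin:can_delete")

if __name__ == "__main__":
    print(roles_from_attributes(SAMPLE))
```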