Remote Networking

Reply
Occasional Contributor II

VIA client / RADIUS - new domain users denied

Users coming in through a VIA client to a 3200. Users are all members of a "Remote" group in Active Directory. The 3200 is set up to query our RADIUS server (MS Server 2008 Network Policy Server). This works perfectly for old users - lets in the people that are in the AD group, denies users not in the group. I can take old users and add them to the group, again - works perfectly.

HOWEVER, if I create a new user and add him to the group, the RADIUS server denies him. So far my Google-fu has been weak - I haven't found anything really relating to this. Anyone have ideas?

This behavior even occurs on the same laptop - and old user logs in and connects through VIA successfully. A new user logs in, tries to connect through VIA, and the RADIUS server denies them.
Occasional Contributor II

Re: VIA client / RADIUS - new domain users denied

Should clarify - this happens for users created in the last several months - it isn't simply a brief AD replication issue.
Guru Elite

Re: VIA client / RADIUS - new domain users denied

Post the rejection message in the radius server eventviewer, as a start...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: VIA client / RADIUS - new domain users denied

Compare the user dial in properties between an existing user that works and a new user that doesn't.
-joshua
Occasional Contributor II

Re: VIA client / RADIUS - new domain users denied

I found it within RADIUS (aka Network Policy Server). A checkbox for "Ignore user account dial-in properties." The dial-in tab no longer exists in AD 2008, so this was getting missed. Since we handle the remote access through membership in an AD group, we don't need anything on the no-longer-existant tab.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: