none
Multiple RRAS connecting to the same network policy RRS feed

  • Question

  • Hi,

    Let's say you've got five different RRAS Servers: RRAS1, RRAS2, RRAS3, RRAS4 and you wanna use just 1 network policy. If I understand correctly, the first of the steps would be to go to NPS through Remote Access Logging on each RRAS?

    "Standard" NPS has some more options:

    Is my thinking correct? What would be additional steps needed to complete the whole configuration?

    Thanks!

    Thursday, May 16, 2019 11:12 AM

All replies

  • Hi,

    Yes, you are right.

    You need to check the following tow settings: RRAS authentication provider and radius clients.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 17, 2019 1:56 AM
    Moderator
  • Thanks. BTW on Security tab, there are options for both Authentication and Accounting.

    I have another similar question. There are two powershell commands:

    Set-RemoteAccessAccounting

    "Sets the enabled state for inbox and RADIUS accounting for both external RADIUS and Windows accounting and configures the settings when enabled."

    Set-RemoteAccessRadius

    "Edits the properties associated with an external RADIUS server being used for VPN authentication, accounting for DirectAccess (DA) and VPN, and one-time password (OTP) authentication for DA."

    I think both of them are connected to this tab? But second has also an option to set up accounting? 

    Set-RemoteAccessAccounting [-ComputerName <String>] [-PassThru] [-RadiusServer <String>] [-SharedSecret <String>] [-RadiusPort <UInt16>] [-RadiusScore <Byte>] [-RadiusTimeout <UInt32>] [-AccountingOnOffMsg <String>] [-EnableAccountingType] <String>

    https://docs.microsoft.com/en-us/powershell/module/remoteaccess/set-remoteaccessaccounting?view=win10-ps

    Set-RemoteAccessRadius [-ComputerName <String>] [-Purpose]

    - Authentication.

    -- Accounting.

    -- Otp.

    [-Port <UInt16>] [-Score <Byte>] [-ServerName] <String> [-Timeout <UInt32>] [-SharedSecret <String>] [-AccountingOnOffMsg <String>] [-MsgAuthenticator <String>] [-EntrypointName <String>]

    https://docs.microsoft.com/en-us/powershell/module/remoteaccess/set-remoteaccessradius?view=win10-ps

    So which one is used for what? Which is used for Authentication and which for accounting?

    Saturday, May 18, 2019 2:50 PM
  • Hi,

    I don't have much experience with powershell.

    As far as I know,  the two commands have a similar function for configuring accounting.

    However, The command Set-RemoteAccessRadius not only can configure accounting but also authentication and otp. 

    As a result, Both commands are OK but the command  Set-RemoteAccessRadius is more powerful.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Monday, May 20, 2019 9:58 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, May 23, 2019 8:51 AM
    Moderator