IAS RADIUS server in root domain servicing RRAS clients in subdomains

According to Transcender (Exam 70-297) you can have an IAS RADIUS server in
a root domain servicing RRAS clients in subdomains.

Specifically, the scenario is that you have a head office and other branch
offices that are subdomains of the head office domains. RRAS servers exist
in all branch offices. The business objective is that RRAS servers should be
administrered by local IT staff but RRAS policy should be determined
centrally in the head office. The correct Transcender solution is to place
an IAS server in the head office that will act as a RADIUS server for the
various RRAS servers.

The problem that I have with this is that I do not understand how the RADIUS
server in the head office (root domain) is going to access the Active
Directory account information for users dialling in to the local office
subdomain? How can this server authenticate users in a different domain?

Any assistance would be much appreciated.

TIA

eddiec

eddiec

Aha, but the parent domain by default in AD establishes a two way trust with
the child domain so therefore Transcender are right that the RADIUS server
in the root domain would authenticate users in the regional offices.

eddiec

"Srinidhi Viswanatha [MSFT]" <> wrote in message
news:...
> authentication of remote dial-in users from another domain is possible
only
> if the Radius server's domain trusts the user's domain.
>
> --
> Thanks
> Srinidhi
>
> This posting is provided "AS IS" with no warranties and confers no rights.
>
> "Srinidhi Viswanatha [MSFT]" <> wrote in
message
> news:...
> > The RADIUS server in the head office is not going to authenticate users
of
> a
> > different domain...only local users of the radius server and users of
the
> > domain to which the radius server belongs get access.
> >
> > --
> > Thanks
> > Srinidhi
> >
> > This posting is provided "AS IS" with no warranties and confers no
rights.
> >
> > "eddiec" <> wrote in message
> > news:408493f8$...
> > > According to Transcender (Exam 70-297) you can have an IAS RADIUS
server
> > in
> > > a root domain servicing RRAS clients in subdomains.
> > >
> > > Specifically, the scenario is that you have a head office and other
> branch
> > > offices that are subdomains of the head office domains. RRAS servers
> exist
> > > in all branch offices. The business objective is that RRAS servers
> should
> > be
> > > administrered by local IT staff but RRAS policy should be determined
> > > centrally in the head office. The correct Transcender solution is to
> place
> > > an IAS server in the head office that will act as a RADIUS server for
> the
> > > various RRAS servers.
> > >
> > > The problem that I have with this is that I do not understand how the
> > RADIUS
> > > server in the head office (root domain) is going to access the Active
> > > Directory account information for users dialling in to the local
office
> > > subdomain? How can this server authenticate users in a different
domain?
> > >
> > > Any assistance would be much appreciated.
> > >
> > > TIA
> > >
> > > eddiec
> > >
> > >
> >
> >
>
>

eddiec

hang on let me think no one wont to listen
>-----Original Message-----
>Aha, but the parent domain by default in AD establishes a
two way trust with
>the child domain so therefore Transcender are right that
the RADIUS server
>in the root domain would authenticate users in the
regional offices.
>
>eddiec
>
>"Srinidhi Viswanatha [MSFT]"
<> wrote in message
>news:...
>> authentication of remote dial-in users from another
domain is possible
>only
>> if the Radius server's domain trusts the user's domain.
>>
>> --
>> Thanks
>> Srinidhi
>>
>> This posting is provided "AS IS" with no warranties and
confers no rights.
>>
>> "Srinidhi Viswanatha [MSFT]"
<> wrote in
>message
>> news:...
>> > The RADIUS server in the head office is not going to
authenticate users
>of
>> a
>> > different domain...only local users of the radius
server and users of
>the
>> > domain to which the radius server belongs get access.
>> >
>> > --
>> > Thanks
>> > Srinidhi
>> >
>> > This posting is provided "AS IS" with no warranties
and confers no
>rights.
>> >
>> > "eddiec" <> wrote in message
>> > news:408493f8$...
>> > > According to Transcender (Exam 70-297) you can have
an IAS RADIUS
>server
>> > in
>> > > a root domain servicing RRAS clients in subdomains.
>> > >
>> > > Specifically, the scenario is that you have a head
office and other
>> branch
>> > > offices that are subdomains of the head office
domains. RRAS servers
>> exist
>> > > in all branch offices. The business objective is
that RRAS servers
>> should
>> > be
>> > > administrered by local IT staff but RRAS policy
should be determined
>> > > centrally in the head office. The correct
Transcender solution is to
>> place
>> > > an IAS server in the head office that will act as a
RADIUS server for
>> the
>> > > various RRAS servers.
>> > >
>> > > The problem that I have with this is that I do not
understand how the
>> > RADIUS
>> > > server in the head office (root domain) is going to
access the Active
>> > > Directory account information for users dialling in
to the local
>office
>> > > subdomain? How can this server authenticate users
in a different
>domain?
>> > >
>> > > Any assistance would be much appreciated.
>> > >
>> > > TIA
>> > >
>> > > eddiec
>> > >
>> > >
>> >
>> >
>>
>>
>
>
>.
>