Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
25756
Views
4
Helpful
4
Replies

Need Dial-in permission to access wireless

gibsthomas
Level 1
Level 1

‎02-14-2006 05:56 AM - edited ‎07-04-2021 11:38 AM

Hi,

We set up our wireless network using 1200 Series AP, ACS 3.3 and WLSE 2.11 and I thought everything was working fine.

However, I just found out y'day that some new users couldnot get connected and digging further, I realised that all users need to be a member of 'Dial-In users' in Active Directory in order to access corporate network through wireless.

Why does this happen?.. is there a work around for this problem?.

Any replys/ suggestions most welcome.

Thanks in advance

Gibs

1 person had this problem
Labels:
0 Helpful
4 Replies 4

amaitre
Level 1
Level 1

‎02-14-2006 07:36 AM

Hello Gibs,

It's an option in the ACS server. You can disable it by going in

External User Database --> Database Configuration --> Windows Database --> click "Configure"

There, uncheck "Dialin Permission"

This should do the trick

Hope that helped

PLS rate all posts

Antoine

gibsthomas
Level 1
Level 1
In response to amaitre

‎02-14-2006 07:45 AM

Hi Antoine,

Thanks for your reply. If I uncheck dial in permission, will it affect any other services, like VPN authentication or Telent authentication to router?. We use this ACS for VPN authentication for employees with VPN Access and Telnet authentication for Network Admins.

Thanks,

Gibs

0 Helpful

rduke
Level 1
Level 1

‎02-15-2006 06:15 AM

Gibs,

I have a similar situation. Our radius points to windows 2000 domain controllers which have microsoft's IAS service installed. I more or less inherited this setup, and who ever installed it only has one policy within IAS which says "allow access if dial-in permission is enabled".

I have been thinking about trying to make some new policies since there are many parameters available such as checking the calling nas station IP. Do you know if the IAS service is installed on your domain or domains ? If you do have IAS, you can look at the help facility within IAS and it explains the logic of how policies are applied. I have not tried this yet, but it looks as if the policies are flexible enough.

R Duke

0 Helpful

gibsthomas
Level 1
Level 1
In response to rduke

‎02-17-2006 01:06 PM

I believe our setup is to add user to the dial-in group everytime someone is given remote access / VPN previledges.

So I fear by taking the check box, I might open remote access to the whole company

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card