Login and PPP..can I do both on one IAS server?
Posted by Jdog on October 10th, 2005


Hey all,
Anyone have experience with one Microsoft IAS server handling two
types of access? Mainly PPP and Login and keeping the Login to a select
group? Here's my scenario and then my issue.

Scenario:
Want to allow high-end users privileged login access to a large volume
of routers and want IAS Radius to handle authentication (have about 120
routers). Also have a PIX and a dial-in gateway in which I need to
provide PPP access to remote users to dial into the network. I do not
want PPP users to gain privileged access to login to the routers but I
do want login router users to gain PPP access into the network. So
effectively the Router users will have both PPP and Login to administer
the routers and the PPP users will just get remote access to the
network via dial-in or VPN. We are using IAS on Windows 2K3 in Mixed
Mode on a DC.

Issue:
Radius for Login is working and PPP for Login is working. The issue is
my ppp users are given access to privileged login to the Routers (big
problem). I set up some Remote Access policies setting up a group for
Router Login and a Group for PPP access but when I deny PPP access
group it denies them from authenticating for dialup network access (the
other problem).

I understand that you can edit the profile to tweak some services to
enable 1 IAS server to effectively determine access for two types of
service without compromising the router security.

