Tuesday, May 21, 2019

NPS with AD, allow clients?

We've got a situation where we want to set up NPS for RADIUS authentication towards AD for our network infrastructure.

However, there may be some of our clients who want to access the equipment which we're responsible for managing. Nothing I can do about that currently, even though it doesn't make any sense to me to allow client login when we're responsible for the management operations.

What options do we have here?

  • Allow customers into our AD?
  • Two separate AD forests? How about if we want to allow the internal operations team and the customer to log in to the same devices? How would that look?

Can we maybe allow NPS to authenticate towards two different ADs depending on policy match?

Any help or input is greatly appreciated here.


