I'm having a problem with NPS connection policies in combination with forwarded RADIUS requests - the connection policy does not seem to be evaluated?
Our domain has several one-way trusts. I have a network policy stating that only members of a given (domain local) security group can connect. I then have several Connection Request Policies forwarding to NPS servers in the remote domains, with conditions on user name DOMAIN-NAME\\.+. The forwarding works fine, but it seems that the group membership part is not evaluated?
It works fine for users in the local OPS domain, but for all others simply having valid credentials is enough. I've tried setting the "Ignore user account dial-in properties" since it was suggested elsewhere, but it did not seem to make any difference.