Compartir a través de


Differences in IAS implementations

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Differences in IAS implementations

A previous version of IAS was released with the Microsoft® Windows NT® 4.0 Option Pack. The following table describes the differences between this version and the one available in Microsoft® Windows Server® 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition.

Windows NT 4.0 IAS IAS in Microsoft® Windows Server™ 2003 operating systems 

If a domain name is not specified during authentication, the IAS server authenticates the user against only the local SAM database.

IAS resolves a user name without a specified domain name by using the following sequence:

  1. IAS determines a default domain from the registry, if one is specified.

  2. If the IAS server is a member of a domain, IAS authenticates the user against that domain.

  3. If the IAS server is not a member of a domain, IAS authenticates the user against the local SAM database.

IAS does not use callback permissions for all user objects.

IAS uses callback permissions for all user objects.

IAS log files are written in ASCII.

IAS log files are multilanguage and are written in UTF-8.

Note

  • You can configure IAS in Windows Server 2003, Standard Edition, with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the IAS server uses the first IP address returned in the DNS query. With IAS in Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.