Partilhar via


Centralized authentication by using IAS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Centralized authentication by using IAS

To spread the load between dial-up and VPN-based remote access users, the network administrator of Electronic, Inc. decided to configure a separate VPN server. To centralize the authentication and accounting functions for both the remote access server and the VPN server, a computer running Internet Authentication Service (IAS) with the IP address of 172.31.248.9 functions as a RADIUS server.

The following illustration shows the configuration of the Electronic, Inc. network for IAS-based centralized authentication and accounting.

Centralized authentication by using IAS

The IAS server has its own set of remote access polices. Rather than maintain two different sets of remote access policies, one set for the remote access server and one for the VPN server, both the remote access server and the VPN server are configured to use RADIUS authentication. Therefore, both the remote access server and the VPN server are configured as RADIUS clients to the IAS server. The IAS server provides remote access authentication, authorization, and accounting for both the remote access server and the VPN server.

Remote access policy configuration

Once the server running Routing and Remote Access is configured to use RADIUS authentication, the remote access policies stored on the remote access server are no longer used. Instead, the remote access policies stored on the IAS server are used. Therefore, the current set of remote access policies is copied to the IAS server.

For more information, see Copy the IAS configuration to another server.

RADIUS configuration

To configure RADIUS authentication and accounting, the network administrator for Electronic, Inc. configures the following:

Note

  • The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.