Checklist: Configuring IAS to forward requests

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Checklist: Configuring IAS to forward requests

Step Reference

Review RADIUS and IAS concepts.

IAS Overview; Understanding IAS

Review IAS implementation best practices.

IAS Best Practices

Review IAS security issues.

Security information for IAS

Install IAS on the computer that will be used as the IAS proxy server.

Install IAS

Configure the properties of the IAS proxy server, including the ports used and event log settings.

Configure IAS Properties

Add the RADIUS clients on the IAS proxy server. Configure the shared secret that is common to both the IAS proxy server and the RADIUS client (from which requests are received).

Add RADIUS clients

On the IAS proxy server, use the New Remote RADIUS Server Group Wizard to create a remote server group with one or more RADIUS servers to which RADIUS messages are forwarded. Configure RADIUS ports and shared secrets that are common to both the IAS proxy server and the RADIUS servers (to which requests are forwarded).

Add a remote RADIUS server group

On the IAS proxy server, use the New Connection Request Policy Wizard to create a connection request policy to forward connection requests and accounting information to the remote RADIUS server group.

Add a connection request policy

Configure logging methods for user authentication and accounting requests.

Configure Logging for User Authentication and Accounting

Optional. Copy the IAS proxy configuration from the IAS proxy server to additional IAS proxy servers.

Copy the IAS configuration to another server

Register the IAS proxy servers in the appropriate Active Directory domains.

Enable the IAS server to read user accounts in Active Directory

Verify the configuration of RADIUS accounting and authentication on the RADIUS clients.

IAS as a RADIUS server design considerations; Use RADIUS authentication; Use RADIUS accounting;Remote Access; Manufacturer's documentation

Configure the IAS servers as RADIUS clients on the RADIUS servers (to which requests are forwarded).

Add RADIUS clients; Manufacturer's documentation

Note

  • You can configure IAS in Windows Server 2003, Standard Edition, with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the IAS server uses the first IP address returned in the DNS query. With IAS in Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.