Remote RADIUS server groups

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Remote RADIUS server groups

A remote RADIUS server group is a named group that contains one or more RADIUS servers. When IAS is being used as a RADIUS proxy for RADIUS request messages, a remote RADIUS server group must be specified. This group is used to facilitate the common configuration of both a primary and at least one backup RADIUS server. You can specify various settings to either determine the order in which the servers are used or distribute the RADIUS messages across all servers in the group.

Each server in the group has the following settings:

  • Name or address

    Each group member must have a unique name within the group. The name can be an IP address or a name that can be resolved to its IP address. For more information, see Configure the name of a group member.

  • Authentication and accounting

    When IAS is used as a RADIUS proxy, it is acting as a RADIUS client to another RADIUS server. Therefore, each group member must be configured to send RADIUS messages to the correct User Datagram Protocol (UDP) port that is used by the RADIUS server for RADIUS traffic. Additionally, each group member must be configured for the correct shared secret. The default authentication port is 1812. The default accounting port is 1813. For more information, see Configure the authentication and accounting settings of a group member.

  • Load balancing

    A priority setting is used to indicate which member of the group is the primary server (the priority is set to 1). For group members that have the same priority, a weight setting is used to calculate how often RADIUS messages are sent to each of them. You can use additional settings to configure the way in which the IAS server detects when a group member first becomes unavailable and when it becomes available after it has been determined to be unavailable. For more information, see Configure the load balancing properties of a group member.

After a remote RADIUS server group is configured, it can be specified in the authentication and accounting settings of a connection request policy. Because of this, you can configure a remote RADIUS server group first. Next, you can configure the connection request policy to use the newly configured remote RADIUS server group. Alternately, you can use the New Connection Request Policy Wizard to create a new remote RADIUS server group while you are creating the connection request policy.

For information about creating a remote RADIUS server group, see Add a remote RADIUS server group.

Note

  • Remote RADIUS server groups are separate from Windows groups.