70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.


1 70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service

2 Guide to MCSE 70-291, Enhanced 2 Objectives
- Understand and describe the purpose of the RADIUS protocol
- Describe the function of RADIUS servers, clients, and proxies
- Configure a RADIUS server using the Internet Authentication Service
- Configure a RADIUS proxy using the Internet Authentication Service

3 Objectives (continued)
- Configure RRAS as a RADIUS client
- Troubleshoot RADIUS

4 RADIUS Overview
- RADIUS: remote authentication dial-in user service
- Designed to centralize the authentication process for large distributed networks
- Originally intended for dial-up networks
- Can be used for VPN servers, switches, and wireless access points
- Two mandatory server roles:
  - RADIUS client
  - RADIUS server

5 RADIUS Overview (continued)
- The RADIUS client accepts authentication information from users or devices and forwards the information to a RADIUS server
- The RADIUS server accepts authentication information from a RADIUS client
- Windows Server 2003 can act as either a RADIUS server or RADIUS client

6 RADIUS Overview (continued)
- Install IAS to use Windows Server 2003 as a RADIUS server
- RADIUS proxies act as intermediaries between RADIUS clients and RADIUS servers

7 RADIUS Overview (continued)

8 RADIUS Overview (continued)

9 Outsourcing Dial-up Requirements
- You can use IAS to outsource dial-up requirements and allow roaming users to continue logging on using Active Directory user names and passwords
- A user dials into the ISP, the ISP forwards the request to the RADIUS proxy, the RADIUS proxy forwards the request to the RADIUS server, and the RADIUS server passes the information to a domain controller for authentication

10 Outsourcing Dial-up Requirements (continued)

11 Configuring IAS as a RADIUS Server
- IAS is a standard component of Windows Server 2003
- Installed through Add or Remove Programs
- Must be configured using the IAS snap-in before being used
- IAS must be registered with Active Directory if Active Directory is used on the network
- The IAS server will not respond to any requests from RADIUS clients not listed in the IAS configuration

12 Configuring IAS as a RADIUS Server (continued)

13 Configuring IAS as a RADIUS Server (continued)

14 Configuring IAS as a RADIUS Server (continued)

15 Configuring IAS as a RADIUS Server (continued)

16 Activity 11-1: Configuring IAS as a RADIUS Server
Objective: Install IAS so your server can act as a RADIUS server
- Install IAS through Add or Remove Programs
- Add RADIUS clients
- Enter a password in the shared secret box

17 Configuring RRAS as a RADIUS Client
- The RRAS server acts as a RADIUS client if it passes authentication requests
- You may specify that a RADIUS server be used for authentication when configuring RRAS
- You must specify the name or IP address of the RADIUS server and shared secret when configuring RRAS as a RADIUS server

18 Configuring RRAS as a RADIUS Client (continued)

19 Configuring RRAS as a RADIUS Client (continued)

20 Activity 11-2: Configuring a RRAS Client
Objective: Configure a RRAS server to use IAS for authentication
- Use Routing and Remote Access control
- Add new RADIUS server to the list
- Enter shared secret
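
Why the shared secret entered in Activities 11-1 and 11-2 must match on both sides, shown as an added example that is not part of the original slides: it follows the User-Password hiding and Response Authenticator rules of RFC 2865, which the slides do not describe. The secrets, password and request authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

def _mask(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865 section 5.2: each 16-byte mask is MD5(shared secret + previous block)
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RADIUS client (RRAS) side: build the User-Password attribute value."""
    if len(password) > 128:
        raise ValueError("RFC 2865 limits User-Password to 128 bytes")
    size = max(16, (len(password) + 15) // 16 * 16)   # pad with NULs to a 16-byte multiple
    padded = password.ljust(size, b"\0")
    hidden, prev = b"", request_auth
    for i in range(0, size, 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RADIUS server (IAS) side: undo the hiding with the server's copy of the secret."""
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return plain.rstrip(b"\0")

def build_reply(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: a reply computed with a different secret fails this check."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

# Constructed sample values (not from the slides)
REQUEST_AUTH = bytes(range(16))                 # normally 16 random bytes per request
IAS_SECRET = b"constructed-secret-on-IAS"       # typed into the IAS RADIUS client entry
RRAS_SECRET_TYPO = b"constructed-secret-on-1AS" # mistyped on the RRAS server
```

With a mismatched secret the server decodes garbage instead of the password and the client rejects the server's reply, so a user with valid credentials still fails to connect. Because everything here depends on the secret, it should be long and random rather than a memorable word.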

21 Activity 11-3: Testing RADIUS
Objective: Create a VPN connection to your RRAS server to test RADIUS authentication
- Create a new VPN network connection
- Select anyone’s use
- If RADIUS is configured successfully, your RRAS server should contact the IAS service on your partner’s computer

22 Configuring IAS as a RADIUS Proxy
- Windows Server 2003 can act as a RADIUS proxy
- Windows Server 2003 can act as both RADIUS proxy and RADIUS server at the same time
- Connection request policies determine how a RADIUS request is handled

23 Remote RADIUS Server Groups
- Server groups are required for IAS to act as a RADIUS proxy
- RADIUS requests and logging information are forwarded to remote RADIUS server groups
- Server groups allow for load balancing and fault tolerance
- Weight setting is used to configure load balancing
- Priority is assigned to provide fault tolerance

24 Remote RADIUS Server Groups (continued)

25 Activity 11-4: Creating a Remote RADIUS Server Group
Objective: Create a remote RADIUS server group that can be used when IAS is configured as a RADIUS proxy
- Use the New Remote RADIUS Server Group Wizard
- Group name is Engineering
- Enter shared secret
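
How priority and weight interact in a remote RADIUS server group, as an added model that is not part of the original slides and is not IAS's own code. It assumes that a lower priority number is tried first and that weight splits requests among reachable members of the same priority; the server names and values are constructed.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:
    name: str      # hypothetical server name
    priority: int  # assumption: 1 is tried first, higher numbers are fallbacks
    weight: int    # relative share of requests within one priority level

def active_tier(group, down=frozenset()):
    """Fault tolerance: reachable members holding the best (lowest) priority."""
    up = [m for m in group if m.name not in down]
    if not up:
        return []
    best = min(m.priority for m in up)
    return [m for m in up if m.priority == best]

def pick_server(group, down=frozenset(), rng=random):
    """Load balancing: weighted random choice inside the active tier."""
    tier = active_tier(group, down)
    if not tier:
        raise RuntimeError("no reachable server in the group")
    return rng.choices(tier, weights=[m.weight for m in tier], k=1)[0]

def share(group, down=frozenset(), requests=10_000, seed=1):
    """Fraction of simulated requests that each server receives."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(requests):
        name = pick_server(group, down, rng).name
        counts[name] = counts.get(name, 0) + 1
    return {name: n / requests for name, n in counts.items()}

# Constructed group, named after the Engineering group from Activity 11-4
ENGINEERING = [
    Member("ias-a", priority=1, weight=70),
    Member("ias-b", priority=1, weight=30),
    Member("ias-c", priority=2, weight=50),   # only used when both priority-1 servers are down
]
```

With all servers up, `share(ENGINEERING)` splits traffic roughly 70/30 between the two priority-1 members and sends nothing to `ias-c`; marking both priority-1 members as down moves every request to `ias-c`.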

26 Connection Request Policies
- Constructed similarly to a remote access policy
- No permissions
- Conditions are a subset of the conditions found in remote access policies
- Conditions include Day-And-Time-Restrictions, Client-IP-Addresses, and Client-Vendor
- Profile has very different options than profile in remote access policy

27 Connection Request Policies (continued)

28 Connection Request Policies (continued)

29 Activity 11-5: Creating a Connection Request Policy
Objective: Create a new connection request policy to configure your server as a RADIUS proxy
- Add a new connection request policy
- Use New Connection Request Policy Wizard
- Use proxy name EngineeringProxy

30 Troubleshooting RADIUS
- Most remote access problems are not related to RADIUS
- Before troubleshooting RADIUS, ensure users can obtain remote access without RADIUS
- Use log files whenever possible

31 Troubleshooting RADIUS (continued)

32 Troubleshooting RADIUS (continued)

33 Troubleshooting RADIUS (continued)

34 Activity 11-6: Logging IAS Information to a File
Objective: Enable IAS event logging
- Ensure that all accounting requests are logged
- Ensure that all valid and nonvalid authentication requests are logged
- Ensure all interim accounting requests are logged

35 Summary
- RADIUS may be used to centralize remote access authentication and logging
- RADIUS is composed of the RADIUS clients, RADIUS servers, and RADIUS proxies
- RADIUS clients forward authentication requests to RADIUS servers, RADIUS servers then authenticate the requests and authorize the connections
- A RADIUS proxy can be used as an intermediary between RADIUS clients and servers in large environments
- IAS allows Windows Server 2003 to act as a RADIUS server

36 Summary (continued)
- RRAS can act as a RADIUS client when configured as a remote access server
- IAS can also be configured as a RADIUS proxy
- Connection request policies are used on each request to determine whether IAS acts as a RADIUS server or a RADIUS proxy
- Connection request policies are composed of a condition and a profile
- IAS can log information to a file or SQL server

