Configuring the RADIUS (IAS) Server

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Before you configure your RADIUS server, open Active Directory Users and Computers and verify that your IAS server is a member of the RAS and IAS Servers group.

Configure your RADIUS (IAS) server by performing the following tasks:

  1. Add each wireless AP to the IAS server as a RADIUS client.

  2. Create a remote access policy for wireless clients.

Adding APs as RADIUS Clients

On the IAS server, add each wireless AP as a RADIUS client. You will need to type the RADIUS shared secret that you configured earlier on the wireless AP.

To add a wireless AP as a RADIUS client on the IAS server

  1. Open the Internet Authentication Service snap-in.

  2. In the console tree, right-click the RADIUS Clients folder, and then click New RADIUS Client.

  3. In the Friendly name field, type a name for the AP.

  4. In the Client address (IP or DNS) field, type the IP address of the wireless AP. Then click Next.

  5. If the remote access policy for wireless users is designed for a specific model of wireless AP (for example, a remote access policy that contains vendor-specific attributes), in the Client Vendor list, select the manufacturer’s name.

    If you do not know the manufacturer, accept the default value, RADIUS Standard.

  6. In the Shared secret and Confirm shared secret fields, type the shared secret value that you assigned when you configured the AP.

Creating a Remote Access Policy for Wireless Clients

To give wireless users access to the network, create a remote access policy for wireless clients, and then configure that policy for the highest level of encryption. To use IAS, you must be logged on using an account that has administrative credentials.

To add a remote access policy for wireless clients

  1. Open the Internet Authentication Service snap-in.

  2. In the console tree, right-click Remote Access Policies, and then click New Remote Access Policy.

  3. Complete the New Remote Access Policy Wizard using the information provided in Table 11.3. Accept default settings when no information is specified.

    Table 11.3   Adding a Remote Access Policy for Wireless Users

    Wizard Page Action

    Policy Configuration Method

    For Policy Name, type an appropriate name, such as WLAN Test Policy.

    Access Method

    Select Wireless.

    User or Group Access

    Click Group, and then click Add.

    In the Select Groups dialog box, type the name of the group that you created for wireless users, and then click Check Names to confirm that the name you typed is correct.

    Authentication Methods

    Select Smart Card or other certificate.

To configure encryption for the new remote access policy

  1. In the console tree of the Internet Authentication Service snap-in, right-click the newly created wireless access policy, and then click Properties.

  2. Verify that Grant remote access permission is selected, and then click Edit Profile.