Configure the Primary IAS Proxy

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure the primary IAS proxy in the perimeter network, do the following:

  1. On a computer running Windows Server 2003, Standard Edition or Windows Server 2003, Enterprise Edition in the perimeter network, install IAS by using Add/Remove Windows Components. For more information, see "Install IAS" in Help and Support Center for Windows Server 2003. The computer on which IAS is installed does not need to be dedicated to forwarding RADIUS messages. You can install IAS on a computer running other services, such as a DHCP server, a file server, or a DNS server.

  2. If needed, configure additional UDP ports for RADIUS messages that are sent by the RADIUS proxies. By default, IAS uses UDP ports 1812 and 1645 for authentication and ports 1813 and 1646 for accounting.

  3. Add the RADIUS proxies as RADIUS clients of the IAS server. Verify that you are configuring the correct name or IP address and shared secrets.

  4. Create a remote RADIUS server group that contains the IAS servers in your organization.

  5. Create a connection request policy that forwards RADIUS request messages based on the realm name of your organization. For more information about realm names, see "Realm names" in Help and Support Center for Windows Server 2003.

  6. Use the New Connection Request Policy Wizard to create a connection request policy that forwards connection requests to a remote RADIUS server group and where the realm name matches the realm name of the user accounts in your organization. Clear the check box that removes the realm name for authentication. In the New Connection Request Policy Wizard, use the New Remote RADIUS Server Group Wizard to create a remote RADIUS server group with members that include the two IAS servers within your intranet.

  7. Delete the default connection request policy named Use Windows authentication for all users.

For more information about configuring IAS proxies in the perimeter network, see "Outsourced dial and a proxy in the perimeter network" in Help and Support Center for Windows Server 2003.