Configure Authentication Methods

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

By default, the answering router is configured to accept EAP-TLS, MS-CHAP v2, and MS-CHAP as the authentication methods. To increase security, use either EAP-TLS alone or EAP-TLS along with MS-CHAP v2. Alternatively, you can use MS-CHAP v2 with passwords for user authentication.

To configure the authentication method on the answering router

1. On the answering router, specify which authentication method or methods to accept.

   By default, the answering router is configured to accept EAP-TLS, MS-CHAP v2, and MS-CHAP.

   • To increase security, clear the MS-CHAP selection, and, if you plan to use EAP-TLS only, also clear the MS-CHAP v2 selection.

     -or-

   • To use MS-CHAP v2 with passwords for user authentication, clear the EAP-TLS selection.

   For information about how to add or clear authentication methods, see Enable authentication protocols in Help and Support Center for Windows Server 2003.

2. If you select EAP-TLS authentication, be sure to perform the steps in "Install Computer and User Certificates for EAP-TLS" earlier in this chapter.