Disabling caller-set callback

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Disabling caller-set callback

In this example, a network administrator wants to disable the use of callback when callback settings are determined by the dial-up access client (also known as caller-set callback). If caller-set callback is not being used, do not disable or modify the use of callback.

To implement this connection request policy example, complete the following steps:

1. Use the New Connection Request Policy Wizard to create a new common connection request policy named Forward to intranet IAS servers. Configure the policy to forward RADIUS requests, configure the realm name of example.microsoft.com, and select the remote RADIUS server group named Intranet IAS servers. Do not remove the realm name before authentication.

   For more information, see Add a connection request policy.

2. Use the New Remote RADIUS Server Wizard to create a new remote RADIUS server group named Intranet IAS servers. Configure the group with primary and backup servers that correspond to the two IAS server computers in the organization intranet.

   For more information, see Add a remote RADIUS server group.

3. Create a new custom connection request policy with the following settings:

   • Policy name: Forward to intranet IAS servers but remove caller-set callback

   • Conditions: User-Name matches example.microsoft.com; Service-Type matches Callback Login

   • Profile settings, Authentication tab: Select Forward requests to the following remote RADIUS server group for authentication, and then select the Intranet IAS servers group.

   • Profile settings, Accounting tab: Select Record accounting information on the servers in the following remote RADIUS server group, and then select the Intranet IAS servers group.

   • Profile settings, Attribute tab: Select the User-Name attribute and add a find and replace rule that finds example.microsoft.com and replaces it with nothing.

   • Profile settings, Advanced tab: Add the Service-Type attribute with the value Framed.

   For more information, see Add a connection request policy.

4. Delete the default policy named Use Windows authentication for all users.

   For more information, see Delete a connection request policy.

Based on this connection request policy, all RADIUS request messages that contain the realm name example.microsoft.com in the User-Name attribute are forwarded to an IAS server in the organization intranet. When the Access-Accept message is sent to the IAS server computer in the perimeter network, the Callback-ID and Callback-Number RADIUS attributes in the message are set to blank values--effectively disabling callback.