IAS Jet Database Access (System Services for the Windows Server 2003 Family and Windows XP Operating Systems)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Service Name: IASjet
Executable Name: svchost.exe –k iasjet
Log On As: LocalSystem
Description: The IAS Jet Database Access service uses the Remote Authentication Dial-in User Service (RADIUS) protocol to provide authentication, authorization, and accounting services. With IAS, you can centrally manage the authentication, authorization, and accounting of users. You can also use IAS to authenticate users in databases on your domain controller running Windows NT 4.0, Windows 2000, or Windows Server operating systems. IAS works equally well in homogeneous and heterogeneous networks running Windows Server operating systems.
Internet Authentication Service (IAS) can be used as a RADIUS proxy to provide the routing of RADIUS messages between RADIUS clients (access servers) and RADIUS servers that perform user authentication, authorization, and accounting for the connection attempt. When used as a RADIUS proxy, IAS is a central switching or routing point through which RADIUS access and accounting messages flow. IAS records information in an accounting log about the messages that are forwarded.
A RADIUS authentication, authorization, and accounting infrastructure consists of the following components:
An access client is a device that requires some level of access to a larger network. Examples of access clients are dial-up or virtual private network (VPN) clients, wireless clients, or LAN clients connected to a switch.
RADIUS clients (access servers)
An access server is a device that provides some level of access to a larger network. An access server using a RADIUS infrastructure is also a RADIUS client, sending connection requests and accounting messages to a RADIUS server. Examples of access servers are:
Network access servers (NASs) that provide remote access connectivity to an organization network or the Internet. An example is a Windows 2000 computer running the Routing and Remote Access service and providing either traditional dial-up or virtual private network (VPN) remote access services to an organization's intranet.
Wireless access points that provide physical layer access to an organization's network, using wireless-based transmission and reception technologies.
Switches that provide physical layer access to an organization's network, using traditional LAN technologies such as Ethernet.
A RADIUS proxy is a device that forwards or routes RADIUS connection requests and accounting messages between RADIUS clients (and RADIUS proxies) and RADIUS servers (or RADIUS proxies). The RADIUS proxy uses information within the RADIUS message, such as the User-Name or Called-Station-ID RADIUS attributes, to route the RADIUS message to the appropriate RADIUS server.
A RADIUS proxy can be used as a forwarding point for RADIUS messages when the authentication, authorization, and accounting must occur at multiple RADIUS servers in different organizations.
A RADIUS server is a device that receives and processes connection requests or accounting messages sent by RADIUS clients or RADIUS proxies. In the case of connection requests, the RADIUS server processes the list of RADIUS attributes in the connection request. Based on a set of rules and the information in the user account database, the RADIUS server either authenticates and authorizes the connection and sends back an Access-Accept message or sends back an Access-Reject message. The Access-Accept message can contain connection restrictions that are implemented by the access server for the duration of the connection.
User account database
The user account database is the list of user accounts and their properties that can be checked by a RADIUS server to verify authentication credentials and user account properties containing authorization and connection parameter information.
The user account databases that IAS can use are the local Security Accounts Manager (SAM), a Microsoft Windows NT 4.0 domain, or the Active Directory service. For Active Directory, IAS can provide authentication and authorization for user or computer accounts in the domain in which the IAS server is a member, two-way trusted domains, and trusted forests with domain controllers running Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server.
If the user accounts for authentication reside in a different type of database, IAS can be configured as a RADIUS proxy to forward the authentication request to a RADIUS server that does have access to the user account database. Different databases for Active Directory include untrusted forests, untrusted domains, or one-way trusted domains.
If this service is disabled, both the Routing and Remote Access Service (RRAS) and Internet Authentication Service (IAS) will fail to start. You will also not be able to administer RRAS or IAS either locally or remotely. If this service is stopped or disabled, users will not be able to connect to the network in cases where network access requires user authentication (e.g., remote access [dial-up, VPN] or wireless LAN [802.1X], Ethernet 802.1X LAN access).
Available on: Windows Server 2003, Enterprise Edition (64-bit only) , Windows Server 2003, Datacenter) Edition (64-bit only).
Installed through: Default operating system installation
Startup type: Manual
Service status: Stopped
This service depends on the following system components:
Remote Procedure Call
The following system components depend on this service: None
IP Port Numbers used: None