Information Technology Reference
In-Depth Information
MSCHAPV2
: Microsoft Encrypted Authentication v2
EAP
: Extensible Authentication Protocol
For example, to add
mschapv2
to the authentication protocol list, run the following command:
> netsh ras add authtype mschapv2
You can remove an authentication protocol by using the similar
netsh ras delete authtype
command:
> netsh ras delete authtype {pap|spap|md5chap|mschap|mschapv2|eap}
The parameters are the same as for the
netsh ras add authtype
command.
By default, your RRAS server is configured to use Windows Authentication; however, you
may also configure it to use RADIUS authentication. You can determine the authentication
mode by issuing this command:
> netsh ras AAAA show authentication
You can configure the server to authenticate using a RADIUS server by running the
netsh ras AAAA add authserv
command:
> netsh ras AAAA add authserv [name=]
<ServerID>
[[secret=]
<SharedSecret>
]
[[init-score=]
<ServerPriority>
] [[port=]
<Port>
] [[timeout=]
<Seconds>
]
[[signature] {enabled | disabled}]
The parameters used by this command are as follows:
Name
: Required parameter that specifies the name of the RADIUS server. You may enter
this value as either the DNS name of the server or its IP address.
Secret
: Optional parameter that specifies the shared secret.
Init-Score
: Optional parameter that specifies the initial score or server priority. If omitted,
the default score of
30
will be assumed.
Port
: Optional parameter that specifies the port on which the RADIUS server listens for
authentication requests. If omitted, the default port of
1812
will be assumed.
Timeout
: Optional parameter that specifies the timeout value, specified in seconds. If omitted,
the default timeout of
5
seconds will be assumed.
Signature
: Optional parameter that specifies whether to use digital signatures. This parameter
may only take values of
enabled
or
disabled
.
■
Note
If you have already configured these settings and just want to modify their properties, replace
netsh
RAS AAAA add authserv
with
netsh RAS AAAA set authserv
.
For example, to configure RRAS to authenticate requests against the
RADIUS1
server with a
shared secret of
NCC1701A
with digital signatures enabled, use the following command: