Routing and Remote Access Service (Remote Access) - Windows Server 2003 Networking Recipes - page 153

Information Technology Reference

In-Depth Information

MSCHAPV2 : Microsoft Encrypted Authentication v2

EAP : Extensible Authentication Protocol

For example, to add mschapv2 to the authentication protocol list, run the following command:

> netsh ras add authtype mschapv2

You can remove an authentication protocol by using the similar netsh ras delete authtype

command:

> netsh ras delete authtype {pap|spap|md5chap|mschap|mschapv2|eap}

The parameters are the same as for the netsh ras add authtype command.

By default, your RRAS server is configured to use Windows Authentication; however, you

may also configure it to use RADIUS authentication. You can determine the authentication

mode by issuing this command:

> netsh ras AAAA show authentication

You can configure the server to authenticate using a RADIUS server by running the

netsh ras AAAA add authserv command:

> netsh ras AAAA add authserv [name=] <ServerID> [[secret=] <SharedSecret> ]

[[init-score=] <ServerPriority> ] [[port=] <Port> ] [[timeout=] <Seconds> ]

[[signature] {enabled | disabled}]

The parameters used by this command are as follows:

Name : Required parameter that specifies the name of the RADIUS server. You may enter

this value as either the DNS name of the server or its IP address.

Secret : Optional parameter that specifies the shared secret.

Init-Score : Optional parameter that specifies the initial score or server priority. If omitted,

the default score of 30 will be assumed.

Port : Optional parameter that specifies the port on which the RADIUS server listens for

authentication requests. If omitted, the default port of 1812 will be assumed.

Timeout : Optional parameter that specifies the timeout value, specified in seconds. If omitted,

the default timeout of 5 seconds will be assumed.

Signature : Optional parameter that specifies whether to use digital signatures. This parameter

may only take values of enabled or disabled .

■ Note If you have already configured these settings and just want to modify their properties, replace netsh

RAS AAAA add authserv with netsh RAS AAAA set authserv .

For example, to configure RRAS to authenticate requests against the RADIUS1 server with a

shared secret of NCC1701A with digital signatures enabled, use the following command:

Next Page

Windows Server 2003 Networking Recipes

Search WWH ::

Custom Search

Home