CHAPTER 6
Internet Authentication Service (IAS)
The Internet Authentication Service (IAS) is the Microsoft Remote Authentication Dial-In
User Service (RADIUS) server implementation, which can serve as both a RADIUS server and a
RADIUS proxy. When configured as a RADIUS server, IAS can perform authentication
(determining the identity of a user), authorization (determining what a user is allowed to access), and
accounting (keeping track of a user's actions) for different types of network access. IAS can be
used to configure and secure wireless local area networks (WLANs), as well as virtual private
network (VPN) connections. In addition, you can use IAS to create a “quarantine” zone that
will prevent remote clients from accessing your network until they have passed certain health
checks, such as verifying patch levels and the status of antivirus software. You can also configure
IAS to function as a RADIUS proxy, which means that IAS can forward authentication requests
and accounting information to other RADIUS servers located elsewhere on your network.
IAS supports a number of authentication methods, ranging from unauthenticated
access to Challenge Handshake Authentication Protocol (CHAP), MS-CHAP, MS-CHAPv2,
and the Extensible Authentication Protocol (EAP), which allows for smart card and
certificate-based authentication. You can configure both remote access policies and connection request
policies to control whether incoming connection requests are permitted or denied, and
what type of information is passed on to other RADIUS servers when IAS is configured as
a RADIUS proxy.
Using a Graphical User Interface
When you install IAS on a Windows Server 2003 computer, the IAS MMC snap-in is
automatically added to the Administrative Tools folder of the local computer. This snap-in is a “one-stop
shop” for administering IAS. You can use it to start and stop the IAS service; create, modify, and
delete RADIUS clients and server groups; and configure all aspects of the IAS service.
Using a Command-Line Interface
As with most of the technologies discussed in this topic, the primary command-line utility used
to configure IAS is netsh, using the netsh aaaa context. The most important task that this context
allows you to perform is importing and exporting IAS configuration information from one
server to another. In addition, you can configure RADIUS clients at the command line using
the addradiusclients.exe utility, which is downloadable from the Microsoft website at