Using VBScript
The following script adds a RADIUS client:
' The following script adds a RADIUS client with a friendly
' name of CLIENT1, an IP address of 10.0.0.151, and a shared
' secret of cj4!5jksdt53!%^#$kcntST^s
strComputer = "."
strFriendlyName = "CLIENT1"
strIPAddress = "10.0.0.151"
strSecret = "cj4!5jksdt53!%^#$kcntST^s"
' Now execute the addradiusclient.exe command
Set wshShell = CreateObject("WScript.Shell")
Set oExec = wshShell.Exec("addradiusclient.exe -name:" & strFriendlyName _
    & " -address:" & strIPAddress & " -secret:" & strSecret)
' Sit in a loop while the command is running
Do While oExec.Status = 0
    WScript.Sleep 1000
Loop
WScript.Echo("Client added successfully!")
How It Works
Before a RADIUS client such as an NAS can connect to an IAS server, it must be configured in
the IAS MMC. If the NASs that you are using support the use of the Message Authenticator or
Signature attribute, you can specify that incoming client connections must contain that attribute.
Enabling the use of the Message Authenticator attribute provides additional security for PAP,
CHAP, MS-CHAP, and MS-CHAPv2 authentication. (EAP authentication uses the Message
Authenticator by default.)
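
The following is an added example, not code from the original text. It shows how a RADIUS server can check the Message-Authenticator attribute (type 80 in RFC 2869: an HMAC-MD5 over the whole packet, keyed with the shared secret) on an Access-Request. The function names and the sample User-Name value are assumptions made for the illustration; the shared secret is the one used in the script above.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # attribute type (RFC 2869)
SAMPLE_SECRET = b"cj4!5jksdt53!%^#$kcntST^s"  # shared secret from the script above
SAMPLE_ATTRS = bytes([1, 7]) + b"alice"  # constructed User-Name attribute (type 1)


def build_access_request(secret: bytes, identifier: int, attrs: bytes) -> bytes:
    """Build an Access-Request that ends with a valid Message-Authenticator."""
    authenticator = os.urandom(16)  # Request Authenticator
    placeholder = bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    length = 20 + len(attrs) + len(placeholder)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, length) + authenticator
    unsigned = header + attrs + placeholder  # MAC is computed over a zeroed value
    mac = hmac.new(secret, unsigned, hashlib.md5).digest()
    return unsigned[:-16] + mac


def verify_message_authenticator(secret: bytes, packet: bytes) -> bool:
    """Return True only if the attribute is present and its HMAC-MD5 matches."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # ignore padding beyond the declared length
    pos, found = 20, None
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False  # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18 or found is not None:
                return False  # wrong size or duplicated attribute
            found = pos + 2
        pos += attr_len
    if pos != length or found is None:
        return False  # trailing garbage, or the required attribute is missing
    zeroed = packet[:found] + bytes(16) + packet[found + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, packet[found:found + 16])


if __name__ == "__main__":
    print(verify_message_authenticator(SAMPLE_SECRET, build_access_request(SAMPLE_SECRET, 1, SAMPLE_ATTRS)))
```

A request that lacks the attribute, was modified in transit, or was built with a different shared secret fails the check, which is the effect of requiring the attribute on incoming client connections.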
Keep in mind that the Standard Edition of Windows Server 2003 can support a maximum
of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. The Enterprise and
Datacenter Editions place no limit on the number of RADIUS clients and remote RADIUS
server groups that you can configure. With those editions, you are limited only by the memory
and CPU speed of your server hardware. In addition, the Enterprise and Datacenter Editions
will allow you to configure clients using a network address if you have a number of RADIUS
clients on a single subnet, as long as all of the clients within that range have the same
configuration information, including the same shared secret. The Standard Edition of
Windows Server 2003 will allow you to specify only one client at a time, using an IP address
or an FQDN.