3. On the Security tab, select RADIUS Authentication from the Authentication Provider drop-down box, and then click Configure.
4. Click Add to configure a new RADIUS authentication server.
5. Enter the IP address or FQDN of the server in the Server Name text box. Modify the following as necessary:
   • Server name: The FQDN or IP address of the server.
   • Secret: Allows you to manually specify the shared secret used to encrypt the messages sent between the RRAS server and the RADIUS server. Both the RRAS server and the RADIUS server need to be configured with the same shared secret in order for communications to be successful.
   • Time-out: The amount of time (in seconds) that the RRAS server will attempt to contact this RADIUS server before moving on to another configured server (defaults to 5 seconds).
   • Initial score: RRAS will use a RADIUS server's score to determine to which server to send messages. A RADIUS server's score is calculated based on its initial score and adjusted for its current level of responsiveness. The RADIUS server with the highest current score is the one that will be used for each client request.
   • Port: The UDP port being used by the RADIUS server. By default, this is port 1812 for authentication requests and 1813 for accounting messages.
   • Always use message authenticator: Enabling the use of the Message Authenticator provides additional security for PAP, CHAP, MS-CHAP, and MS-CHAPv2 authentication. (EAP authentication uses the Message Authenticator by default.)
6. When you have finished configuring RADIUS authentication servers, click OK.
7. Select RADIUS Accounting from the Accounting Provider drop-down box.
8. Click Add to configure a new RADIUS accounting server.
9. Enter the IP address or FQDN of the server in the Server Name text box. Modify the shared secret, time-out, initial score, and port configuration if necessary (see step 5). Optionally, place a check mark next to the Send RADIUS Accounting On and Accounting Off Messages option. (This will create log information whenever the RAS is restarted.)
10. When you've finished configuring RADIUS accounting servers, click OK.
11. Click OK to save your changes to the remote access server.
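What the Secret and Always use message authenticator settings from step 5 do on the wire, shown as an added example that is not part of the original text: the Message-Authenticator attribute (RFC 2869) is an HMAC-MD5 over the whole Access-Request, keyed with the shared secret, so a server that requires it rejects requests that are unsigned, altered, or signed with a different secret. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 section 5.14


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def find_message_authenticator(packet: bytes):
    """Return the offset of the 16-byte Message-Authenticator value, or None."""
    pos = 20  # attributes follow the 20-byte header
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return None  # malformed attribute: treat as absent
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            return pos + 2
        pos += attr_len
    return None


def sign(packet: bytes, secret: bytes) -> bytes:
    """HMAC-MD5 over the packet with the Message-Authenticator value zeroed."""
    off = find_message_authenticator(packet)
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    return hmac.new(secret, zeroed, hashlib.md5).digest()


def build_access_request(identifier: int, user: bytes, secret: bytes) -> bytes:
    """Build a signed Access-Request (code 1) carrying a User-Name (type 1)."""
    attrs = attr(1, user) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", 1, identifier, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs  # random Request Authenticator
    off = find_message_authenticator(packet)
    return packet[:off] + sign(packet, secret) + packet[off + 16:]


def verify(packet: bytes, secret: bytes) -> bool:
    """True only if the attribute is present and matches the shared secret."""
    off = find_message_authenticator(packet)
    if off is None:
        return False  # "always use" policy: unsigned requests are rejected
    return hmac.compare_digest(packet[off:off + 16], sign(packet, secret))
```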
Using a Command-Line Interface
The following command will add a RADIUS authentication server named server1.mycompany.com to the local RRAS server, using TCP port 1669 and a 10-second unavailability time-out:
> netsh ras aaaa add authserver name=server1.mycompany.com port=1669 timeout=10