70291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet - PowerPoint PPT Presentation

Slides: 37
Provided by: phil200

Transcript and Presenter's Notes


1
70-291: MCSE Guide to Managing a Microsoft
Windows Server 2003 Network, Enhanced
Chapter 11: Internet Authentication Service
2
Objectives
  • Understand and describe the purpose of the RADIUS
    protocol
  • Describe the function of RADIUS servers, clients,
    and proxies
  • Configure a RADIUS server using the Internet
    Authentication Service
  • Configure a RADIUS proxy using the Internet
    Authentication Service

3
Objectives (continued)
  • Configure RRAS as a RADIUS client
  • Troubleshoot RADIUS

4
RADIUS Overview
  • RADIUS: Remote Authentication Dial-In User
    Service
  • Designed to centralize the authentication process
    for large distributed networks
  • Originally intended for dial-up networks
  • Can be used for VPN servers, switches, and
    wireless access points
  • Two mandatory server roles:
      • RADIUS client
      • RADIUS server

5
RADIUS Overview (continued)
  • The RADIUS client accepts authentication
    information from users or devices and forwards
    the information to a RADIUS server
  • The RADIUS server accepts authentication
    information from a RADIUS client
  • Windows Server 2003 can act as either a RADIUS
    server or RADIUS client

6
RADIUS Overview (continued)
  • Install IAS to use Windows Server 2003 as a
    RADIUS Server
  • RADIUS proxies act as intermediaries between
    RADIUS clients and RADIUS servers

7
RADIUS Overview (continued)
8
RADIUS Overview (continued)
9
Outsourcing Dial-up Requirements
  • You can use IAS to outsource dial-up requirements
    and allow roaming users to continue logging on
    using Active Directory user names and passwords
  • A user dials into the ISP, the ISP forwards the
    request to a RADIUS proxy, the RADIUS proxy
    forwards the request to a RADIUS server, and the
    RADIUS server passes the information to a domain
    controller for authentication

10
Outsourcing Dial-up Requirements (continued)
11
Configuring IAS as a RADIUS Server
  • IAS is a standard component of Windows Server 2003
  • Installed through Add or Remove Programs
  • Must be configured using IAS snap-in before being
    used
  • IAS must be registered with Active Directory if
    Active Directory is used on the network
  • IAS server will not respond to any requests from
    RADIUS clients not listed in the IAS configuration

12
Configuring IAS as a RADIUS Server (continued)
13
Configuring IAS as a RADIUS Server (continued)
14
Configuring IAS as a RADIUS Server (continued)
15
Configuring IAS as a RADIUS Server (continued)
16
Activity 11-1: Configuring IAS as a RADIUS Server
  • Objective: Install IAS so your server can act as
    a RADIUS server
  • Install IAS through Add or Remove Programs
  • Add RADIUS clients
  • Enter a password in the shared secret box

17
Configuring RRAS as a RADIUS Client
  • The RRAS server acts as a RADIUS client if it
    passes authentication requests
  • You may specify that a RADIUS server be used for
    authentication when configuring RRAS
  • You must specify the name or IP address of the
    RADIUS server and the shared secret when
    configuring RRAS as a RADIUS client
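
What the shared secret entered on both the IAS server and the RRAS client is used for, shown as an added example (not part of the original slides): the RFC 2865 User-Password hiding and the Response Authenticator check the client performs on each reply. The user name, password and secret are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2        # RFC 2865 attribute types

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)   # non-empty password assumed
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_request(ident, user, password, secret, request_auth):
    """Client side: Access-Request carrying the hidden password."""
    attrs = attr(USER_NAME, user)
    attrs += attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def reply_is_authentic(reply, request_auth, secret):
    """Client side: recompute the authenticator with the locally configured secret."""
    header, received, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(received, expected)

def demo():
    secret = b"constructed-shared-secret"   # same value typed on both machines
    request_auth = os.urandom(16)           # fresh random value per request
    request = build_request(7, b"alice", b"P@ssw0rd", secret, request_auth)
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth, b"", secret)
    return (b"P@ssw0rd" not in request,                        # not sent in clear
            reply_is_authentic(reply, request_auth, secret),   # secrets match
            reply_is_authentic(reply, request_auth, b"typo"))  # secrets differ

if __name__ == "__main__":
    print(demo())
```

Under RFC 2865 the client silently discards a reply whose authenticator does not verify, so a mistyped secret gives no explicit error on the client side.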

18
Configuring RRAS as a RADIUS Client (continued)
19
Configuring RRAS as a RADIUS Client (continued)
20
Activity 11-2: Configuring a RRAS Client
  • Objective: Configure a RRAS server to use IAS for
    authentication
  • Use Routing and Remote Access control
  • Add new RADIUS server to the list
  • Enter shared secret

21
Activity 11-3: Testing RADIUS
  • Objective: Create a VPN connection to your RRAS
    server to test RADIUS authentication
  • Create a new VPN network connection
  • Select Anyone's use
  • If RADIUS is configured successfully, your RRAS
    server should contact the IAS service on your
    partner's computer

22
Configuring IAS as a RADIUS Proxy
  • Windows Server 2003 can act as a RADIUS proxy
  • Windows Server 2003 can act as both RADIUS proxy
    and RADIUS server at the same time
  • Connection request policies determine how a
    RADIUS request is handled

23
Remote RADIUS Server Groups
  • Server groups are required for IAS to act as a
    RADIUS proxy
  • RADIUS requests and logging information are
    forwarded to remote RADIUS server groups
  • Server groups allow for load balancing and fault
    tolerance
  • Weight setting is used to configure load
    balancing
  • Priority is assigned to provide fault tolerance
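
A small model of how priority and weight interact in a remote RADIUS server group, added here as an illustration and not taken from the slides or from IAS itself. It assumes the lowest priority number is tried first and that weight splits requests among available members sharing that priority; the server names are hypothetical.

```python
import random
from collections import Counter
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Member:
    name: str              # hypothetical server name
    priority: int          # lower number is tried first (fault tolerance)
    weight: int            # share of requests within one priority (load balancing)
    available: bool = True

def pick_server(group, rng):
    """Return the member that should receive the next request, or None."""
    live = [m for m in group if m.available]
    if not live:
        return None                          # whole group unreachable
    best = min(m.priority for m in live)     # fail over only when a tier is empty
    tier = [m for m in live if m.priority == best]
    return rng.choices(tier, weights=[m.weight for m in tier], k=1)[0]

def distribution(group, requests=10_000, seed=1):
    """Count which member each of `requests` forwarded requests would go to."""
    rng = random.Random(seed)
    picks = Counter()
    for _ in range(requests):
        member = pick_server(group, rng)
        picks[member.name if member else "unreachable"] += 1
    return picks

def mark_down(group, down):
    """Copy of the group with the named members marked unavailable."""
    return [replace(m, available=m.name not in down) for m in group]

# Constructed sample group: two primaries sharing load 70/30, one backup.
ENGINEERING = [
    Member("ias-a", priority=1, weight=70),
    Member("ias-b", priority=1, weight=30),
    Member("ias-backup", priority=2, weight=50),
]

if __name__ == "__main__":
    print("normal:       ", dict(distribution(ENGINEERING)))
    print("ias-a down:   ", dict(distribution(mark_down(ENGINEERING, {"ias-a"}))))
    print("primaries down:", dict(distribution(mark_down(ENGINEERING, {"ias-a", "ias-b"}))))
```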

24
Remote RADIUS Server Groups (continued)
25
Activity 11-4: Creating a Remote RADIUS Server
Group
  • Objective: Create a remote RADIUS server group
    that can be used when IAS is configured as a
    RADIUS proxy
  • Use the New Remote RADIUS Server Group Wizard
  • Group name is Engineering
  • Enter shared secret

26
Connection Request Policies
  • Constructed similarly to a remote access policy
  • No permissions
  • Conditions are a subset of the conditions found
    in remote access policies
  • Conditions include Day-And-Time-Restrictions,
    Client-IP-Addresses, and Client-Vendor
  • Profile has very different options than profile
    in remote access policy

27
Connection Request Policies (continued)
28
Connection Request Policies (continued)
29
Activity 11-5: Creating a Connection Request
Policy
  • Objective: Create a new connection request policy
    to configure your server as a RADIUS proxy
  • Add a new connection request policy
  • Use New Connection Request Policy Wizard
  • Use proxy name EngineeringProxy

30
Troubleshooting RADIUS
  • Most remote access problems are not related to
    RADIUS
  • Before troubleshooting RADIUS, ensure users can
    obtain remote access without RADIUS
  • Use log files whenever possible

31
Troubleshooting RADIUS (continued)
32
Troubleshooting RADIUS (continued)
33
Troubleshooting RADIUS (continued)
34
Activity 11-6: Logging IAS Information to a File
  • Objective: Enable IAS event logging
  • Ensure that all accounting requests are logged
  • Ensure that all valid and nonvalid authentication
    requests are logged
  • Ensure all interim accounting requests are logged

35
Summary
  • RADIUS may be used to centralize remote access
    authentication and logging
  • RADIUS is composed of the RADIUS clients, RADIUS
    servers, and RADIUS proxies
  • RADIUS clients forward authentication requests to
    RADIUS servers, RADIUS servers then authenticate
    the requests and authorize the connections
  • A RADIUS proxy can be used as an intermediary
    between RADIUS clients and servers in large
    environments
  • IAS allows Windows Server 2003 to act as a RADIUS
    server

36
Summary (continued)
  • RRAS can act as a RADIUS client when configured
    as a remote access server
  • IAS can also be configured as a RADIUS proxy
  • Connection request policies are used on each
    request to determine whether IAS acts as a RADIUS
    server or a RADIUS proxy
  • Connection request policies are composed of a
    condition and a profile
  • IAS can log information to a file or SQL server