When you have more than one Windows 2000 remote access server, the administration of remote access policies can become cumbersome very quickly. Instead, you can configure a single computer running Windows 2000 and IAS as a RADIUS server and configure the remote access servers as RADIUS clients. The IAS server provides centralized remote access authentication, authorization, accounting, and auditing. Assuming that you've already configured the remote access servers to provide access for dial-up or VPN clients, you can accomplish this by performing the procedures listed next. Each of these procedures is described in the sections that follow:
To provide redundancy and fault tolerance, configure a primary and a secondary IAS server, and copy the remote access policies from the primary server to the secondary one. Then configure each remote access server with two RADIUS servers that correspond to the two IAS servers. If the primary IAS server becomes unavailable, the remote access servers will automatically fail over to the secondary IAS server.
When you configure the properties of a remote access server running Windows 2000, you need to select RADIUS as the authentication provider. To change a server to RADIUS authentication, follow these steps:
The remote access server sends its authentication requests to the UDP port on which the IAS server listens. The default value of 1812 is based on RFC 2138, "Remote Authentication Dial-in User Service (RADIUS)," and does not need to be changed when you're using an IAS server.
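The failover between primary and secondary servers and the port 1812 exchange described above, shown at the protocol level as an added example (not code from the original text, and not how Windows implements it): a RADIUS client sends an RFC 2138 Access-Request to an ordered server list and moves to the next server when one does not answer. The shared secret, the NAS name ras1 and the mock_ias stand-in are constructed for illustration; a real client also retransmits several times before failing over.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2

def attr(kind, value):
    # Attribute layout: type(1) length(1) value, length counts the 2 header bytes.
    return struct.pack("!BB", kind, 2 + len(value)) + value

def build_access_request(ident, req_auth, user, password, secret):
    # User-Password (type 2) is hidden by XOR with MD5(secret + Request Authenticator).
    # Simplification: a single 16-byte block, so passwords up to 16 bytes only.
    if len(password) > 16:
        raise ValueError("this example handles passwords of at most 16 bytes")
    pad = hashlib.md5(secret + req_auth).digest()
    hidden = bytes(a ^ b for a, b in zip(password.ljust(16, b"\0"), pad))
    # 1 = User-Name, 32 = NAS-Identifier ("ras1" is a constructed name).
    attrs = attr(1, user) + attr(2, hidden) + attr(32, b"ras1")
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def response_is_valid(reply, ident, req_auth, secret):
    # Response Authenticator = MD5(code + id + length + RequestAuth + attributes + secret)
    if len(reply) < 20 or reply[1] != ident or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def authenticate(servers, user, password, secret, timeout=1.0):
    """Try each (host, port) in order, e.g. primary then secondary on port 1812.
    Returns (code, server) for the first reply that passes the authenticator check."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(ident, req_auth, user, password, secret)
    for server in servers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(packet, server)
                reply, _ = sock.recvfrom(4096)
            except OSError:  # timeout or port unreachable: fail over to the next server
                continue
            if response_is_valid(reply, ident, req_auth, secret):
                return reply[0], server
    return None, None

def mock_ias(sock, secret):
    # Constructed stand-in for an IAS server: answers one request with Access-Accept.
    req, addr = sock.recvfrom(4096)
    head = struct.pack("!BBH", ACCESS_ACCEPT, req[1], 20)
    sock.sendto(head + hashlib.md5(head + req[4:20] + secret).digest(), addr)
```

A reply computed with a different shared secret fails the authenticator check, so a secret mismatch between a remote access server and its client entry on the IAS server shows up as a server that never answers.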
When you configure the properties of a remote access server running Windows 2000, you need to select RADIUS accounting as the accounting provider.
To change a server to RADIUS accounting, follow these steps:
You need to register each of the remote access servers as clients on the IAS server. Once the remote access servers are configured to use RADIUS authentication, only the remote access policies stored on the IAS server are used. If one of the remote access servers contains the remote access policies that are applied to all of the remote access servers, you need to copy those policies to the IAS server. To copy the policies from a remote access server to the IAS server, open a command window on the remote access server and type netsh aaaa show config > path\file.txt, where path\file.txt is the name of the output file. The path can be relative, absolute, or a UNC path. The redirected output creates a text file that includes all of the configuration settings.
Copy the text file to the destination IAS server, and open a command prompt on the destination machine. Type netsh exec path\file.txt, using the location to which you copied the file. A message appears telling you whether the update was successful. This procedure does not work unless both the source and destination computers are running the same version of Windows 2000.