Internet Authentication Service (IAS) and RADIUS
Starting with Windows 2000 Server (and in Windows Server 2003), Microsoft has included the so-called Internet Authentication Service, or IAS, with its server offerings. IAS is Microsoft’s implementation of a standard Remote Authentication Dial-In User Service server, aka RADIUS server, as defined in IETF RFCs 2865 and 2866. Like other RADIUS implementations, IAS provides centralized connection authentication, authorization, and accounting services for various types of network access. These types include wireless, authenticating switch, dial-up and VPN remote access, as well as router-to-router connections. In the Windows Server environment, IAS also works with the Routing and Remote Access Service, aka RRAS.
Like other RADIUS implementations, IAS can act as a RADIUS server to any device that supports RADIUS, but as with most Windows implementations, it also includes special features available to Windows domain and/or Active Directory clients. IAS and RADIUS are designed to permit centralized authentication and accounting for remote access users, which makes them suitable for corporate remote access, outsourced remote access providers, third-party dial-up service providers, and even Internet Service Providers (ISPs).
Microsoft offers a whole slew of white papers and resources on IAS that may be of interest to those who use Windows Servers and seek an integrated remote authentication service, including:
- Internet Authentication Service for Windows 2000 http://www.microsoft.com/windows2000/techinfo/howitworks/communications/remoteaccess/ias.asp
- RADIUS Protocol Security and Best Practices http://www.microsoft.com/windows2000/techinfo/administration/radius.asp
- Access Server Requirements for Interoperability with IAS
- Enterprise Deployment of IEEE 802.11 Using Windows XP and IAS http://www.microsoft.com/WindowsXP/pro/techinfo/deployment/wireless/default.asp
- Networking Deployment Guide http://www.microsoft.com/windows2000/techinfo/reskit/deploy/networking/default.asp
- Managing Remote Access on a Per-group Basis using Windows 2000 Remote Access Policies http://www.microsoft.com/windows2000/techinfo/administration/management/pgremote.asp
- Microsoft RADIUS newsgroup microsoft.public.internet.radius (available through http://communities.microsoft.com/newsgroups/ )
Other RADIUS server implementations are widely available, including numerous Open Source implementations for UNIX and Linux platforms, and several third-party products for Windows. Most notably, this latter category includes products from RadTac (http://www.radtac.com) and XPerience Technologies' Clearbox RADIUS TACACS+ Server (http://xperiencetech.com/download/gettrial.asp). Cisco’s TCP Magazine also includes a useful story entitled “Q and A: Setting up a RADIUS Server” (April 29, 2002; http://www.tcpmag.com/qanda/article.asp?EditorialsID=168).