A Sample Configuration Checklist

This section describes the tasks necessary to set up and configure IAS at a corporate site to communicate with an Internet Service Provider (ISP) requesting authentication for corporate dial-in users. The corporation will use both an IAS server and a Windows NT Domain Controller as the authentication provider.

  1. Research the following information for each of the ISP’s RADIUS proxies or network access servers that will route authentication requests to your corporation:
    • IP address or DNS name, and password.

    • Does the ISP use the default RADIUS UDP port numbers?

    • Does the ISP route accounting records to your IAS?

    • Make sure that the ISP strips the prefixes/suffixes on the user name before sending the packets to your IAS.
  2. Decide on the attributes to use in your RADIUS profile. You may need to edit the sample PPP profile. Research whether or not the ISP requires specific attributes, or explicitly disallows other attributes.

  3. Make sure that your IAS is a member of, or in a trust relationship with, the Windows NT domain against which it will authenticate dial-in corporate users. For further information on Windows NT domain configuration, see your Windows NT Server documentation.

  4. Install all components of IAS.

  5. Open the administration user interface.

  6. Set authentication service properties with the port numbers you determined in step 1.

  7. Register the ISP’s RADIUS proxies as RADIUS clients.

  8. Create RADIUS profiles with the information you determined in step 2.

  9. Set up logging for RADIUS accounting packets, if desired.

© 1997 by Microsoft Corporation. All rights reserved.