Key Concepts

RADIUS

Internet Authentication Service uses the Remote Authentication Dial-In User Server (RADIUS) protocol to authenticate users and track how much time they spend online. Microsoft Internet Authentication Service also lets you control which areas of a network your users can access. Use of the RADIUS standard enables telecommuters’ computers, network-operator equipment, and authentication databases to work together securely and seamlessly. RADIUS is a standard of the Internet Engineering Task Force (IETF), documented in the specifications, “Remote Authentication Dial In User Service (RADIUS)” and “RADIUS Accounting.” The most current versions of these specifications at the time of this product release are RFC 2138 and RFC 2139, respectively.

Point-to-Point Tunneling Protocol

The Point-to-Point Tunneling Protocol (PPTP) encapsulates PPP protocol packets within IP for communication over the Internet. Using Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) and Microsoft Point-to-Point Encryption (MPPE), PPTP ensures that data can be sent securely to the corporate intranet over the Internet.

Currently PPTP-enabled clients are available from Microsoft for Windows 95 and Windows NT, and from third parties such as Network Telesystems (NTS) for Macintosh and Windows 3.1. Windows NT Server 4.0 includes a PPTP server.

Shared Secrets

A shared secret is a text string shared between an IAS RADIUS server and the servers connected to it, or clients. These servers include the Network access server (NAS), other RADIUS servers and proxies, and the authentication providers, which are often the corporate clients themselves. It is represented as clear text in the IAS Clients file.


© 1997 by Microsoft Corporation. All rights reserved.