Internet Authentication Service

Internet Authentication Service

Internet Authentication Service (IAS) is a component of Windows Server operating systems that provides centralized user authentication and authorization, auditing and accounting.

Overview

While Routing and Remote Access (RRAS) security is sufficient for small networks, larger companies often need a dedicated infrastructure for authentication. RADIUS is a standard for dedicated authentication servers.

Windows 2000 Server and Windows Server 2003 include the Internet Authentication Service (IAS), an implementation of RADIUS server. IAS supports authentication for Windows-based clients, as well as for third-party clients that adhere to the RADIUS standard. IAS stores its authentication information in Active Directory, and can be managed with Remote Access Policies. IAS first showed up for Windows NT 4.0 in the Windows NT 4.0 Option Pack and in "Microsoft Commercial Internet System (MCIS)" 2.0 and 2.5.

While IAS requires the use of an additional server component, it provides a number of advantages over the standard methods of RRAS authentication. These advantages include centralized authentication for users, auditing and accounting features, scalability, and seamless integration with the existing features of RRAS.

In Windows Server 2008, Network Policy Server (NPS) replaces the Internet Authentication Service (IAS). NPS performs all of the functions of IAS in Windows Server 2003 for VPN and 802.1X-based wireless and wired connections and performs health evaluation and the granting of either unlimited or limited access for Network Access Protection clients.

Logging

By default, IAS logs to local files (%systemroot%LogFilesIAS*) though it can be configured to log to SQL as well (or in place of).

When logging to SQL, IAS appears to wrap the data into XML, then calls the stored procedure report_event, passing the XML data as ntext... the stored procedure can then unwrap the XML and save data as desired by the user.

When logging to SQL Routing and RAS may not start with the Error:

"Event Type: Error - "Event Source: Service Control Manager - "Event Category: None - "Event ID: 7024 - "Date: 01.01.2005 - "Time: 00:00:00 - "User: N/A - "Computer: RASServer - "Description: "The Routing and Remote Access service terminated with service-specific error 691 (0x2B3)."For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

Just disable SQL Logging, clear all settings and start the service.

History

The initial version of Internet Authentication Service was included with the Windows NT 4.0 Option Pack.

Windows 2000 Server's implementation added support for more intelligent resolution of user names that are part of a Windows Server domain, support for UTF-8 logging, and improved security. [ [http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/WINDOWS2000/en/advanced/help/sag_ias_10to20.htm Windows 2000 Server ] ] . It also added support for EAP Authentication for IEEE 802.1x networks. Later on it added PEAP (with service Pack 4).

Windows Server 2003's implementation introduces support for logging to a Microsoft SQL Server database, cross-forest authentication (for Active Directory user accounts in other Forests that the IAS server's Forest has a cross-forest trust relationship with, not to be confused with Domain trust which has been a feature in IAS since NT4), support for IEEE 802.1X port-based authentication, and other features. [ [http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/networking.mspx Windows Server 2003: What's New in Networking ] ]

All versions of IAS support multi domain setups. Only Windows Server 2003 supports cross forest. While NT4 version includes a Radius Proxy, Windows 2000 didn't have such a feature. Windows Server 2003 reintroduced the feature and is capable of intelligently proxy, load balance, and tolerate faults from faulty or unreachable back-end servers.

References

External links

* [http://www.tcs.auckland.ac.nz/~james/wlan-logging/ Article describing how to log IAS (RADIUS) + DHCP to SQL]
* [http://articles.techrepublic.com.com/5100-1035-6148579.html Configure IAS RADIUS for secure 802.1x wireless LAN]
* [http://articles.techrepublic.com.com/5100-1035-6148560.html How to self-sign a RADIUS server for secure PEAP or EAP-TTLS authentication]
* [http://www.deepsoftware.com/iasviewer/ IAS Log parsing utility. Allows to visualize ias log files]
* [http://www.deankastelic.com/post/Integrating-Cisco-VPN-PIX-with-Active-Directory.aspx/ Configure IAS RADIUS to integrate VPN with Active Directory]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Internet Authentication Service — (IAS) является компонентом операционных систем Windows Server, который обеспечивает централизованное управление пользовательскими учетными записями. По умолчанию, IAS регистрирует разрешения к локальным файлам (%systemroot %LogFilesIAS*),… …   Википедия

  • Internet Authentication Service — El Servicio de autentificación de Internet o IAS (en ingles Internet Authentication Service) es un componente del sistema operativo Windows Server que proporciona autentificaciónes de usuario, autorizaciones, contabilidad y auditoría. Contenido 1 …   Wikipedia Español

  • Internet Information Services — Screenshot of IIS Manager console of Internet Information Services 7 Developer(s) Microsoft Stable release …   Wikipedia

  • Internet security — is a branch of computer security[1] specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet.[2] The Internet represents an insecure channel for exchanging information leading …   Wikipedia

  • Extensible Authentication Protocol — Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point to Point connections. It is defined in RFC 3748, which has been updated by RFC 5247. Although the EAP protocol is… …   Wikipedia

  • Internet Message Access Protocol Authentication — SMTP AUTH est une extension du protocole SMTP. C est un protocole de transfert des courriels sur Internet qui inclut une étape d authentification au cours de laquelle le client se connecte explicitement au serveur (ou relais) pour l envoi de… …   Wikipédia en Français

  • Internet message access protocol authentication — SMTP AUTH est une extension du protocole SMTP. C est un protocole de transfert des courriels sur Internet qui inclut une étape d authentification au cours de laquelle le client se connecte explicitement au serveur (ou relais) pour l envoi de… …   Wikipédia en Français

  • Authentication — (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic , that is, that claims made by or about the thing are true. This might involve confirming the identity… …   Wikipedia

  • Internet Explorer 6 — on Windows XP SP3 Developer(s) …   Wikipedia

  • Internet Explorer 5 — in Windows 98 …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”