Set up Windows Radius Server.

Set up Windows Radius Server.

http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-ias-to-support-two-factor-authentication

I am looking at the link above.
In our environment we have 2 domain controllers. I wan to set up IAS as Radius server and set  up VPN appliance as Radius client.

I want user authentication to be validated by our domain controllers DC1 and DC2.
I wonder whether by ,just authorizing RADIUS server in AD will do the job, or I need somehow to individually add DC1 and DC2 to Radius server.

Any help will be very much appreciated.

Thanks
jskfanAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Craig BeckConnect With a Mentor Commented:
Yes, you don't need to install the RADIUS service on a DC, but you can if you want to.  As long as the server where you install IAS/NPS is a member-server on the domain you want to authenticate users in you will be fine.
0
 
Jakob DigranesConnect With a Mentor Senior ConsultantCommented:
the link provides setting up a radius Proxy to forward authentication requests to other Radius Servers - as a security measure. Most likely you wouldn't need that.

Authorizing the Radius server in AD will read users properties for both servers, so if DC1 is down - they still can authenticate using DC2
0
 
Aaron TomoskyConnect With a Mentor SD-WAN SimplifiedCommented:
And don't install two radius servers. Apparently there are special things you have to do if you want more than one to keep them in sync.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
Craig BeckConnect With a Mentor Commented:
...all you need to do is configure one server how you want it then export the AAA config using NETSH, then import into the second RADIUS server.  It's not a problem.  It's actually advisable to have more than one RADIUS for redundancy.
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
I think the issue I personally experienced was the lack of 3rd party trusted certs for those servers, so it was easier to just use one radius server in my environment.

http://technet.microsoft.com/en-us/library/jj200219.aspx
0
 
Craig BeckCommented:
You could have still used two RADIUS servers if you issued a cert to each IAS from your internal PKI.  I suspect you were using self-signed certs in your scenario?
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
Don't want to take over this question with my details, but basically radius2 (on dc2) was not authenticating anyone. I read about cert stuff and just killed it. radius1 is my dc1 anyway and it's a small office so if dc1 goes out I've got bigger problems.
0
 
Craig BeckCommented:
Agreed we're stealing the thread... :-)
0
 
jskfanAuthor Commented:
Thank you Guys
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.