|Applies To||RSA ACE/Agent 5.5 for Windows|
Microsoft Windows 2000 Server SP3
Microsoft Internet Authentication Service (IAS)
|Issue||RADIUS running on Microsoft Internet Authentication Service (IAS) does not authenticate without EAP|
Installed RSA ACE/Agent 5.5 on Windows 2000. User is authenticating from a Cisco PIX firewall. RADIUS running on IAS receives the request, but does not forward to ACE/Server. ACE/Server log monitor does not show any errors.
|Resolution||To correct this issue, follow these steps:|
1. On Windows 2000, Microsoft IAS works only using EAP. The RADIUS running on IAS does not have the ability to proxy or forward the request using the Agent .DLL files. The end user machine must have EAP client installed.
For more information on configuring EAP on a Microsoft IAS server, please see the solution titled Installing RSA ACE/Agent 5.5 on Microsoft Internet Authentication Service (IAS) server.
2. Microsoft IAS RADIUS running on .NET server can forward the request to RSA ACE/Server using the Agent 5.0 .DLL's, and does not require to use EAP. Authentication request may come from any RADIUS client. RSA ACE/Agent 5.5 should be installed on a Microsoft IAS server.
NOTE: You can configure IAS in Windows Server 2003 Standard Edition with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client using a fully-qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully-qualified domain name of a RADIUS client resolves to multiple IP addresses, the IAS server uses the first IP address returned in the DNS query. However, with IAS in Windows Server 2003 Enterprise Edition and Windows Server 2003 Datacenter Edition, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.
|Legacy Article ID||a17227|