Microsoft Network Policy Server
The Remote Authentication Dial-In User Service (RADIUS) protocol plays a central role in user authentication in many companies. The client-server protocol is used for user and computer authentication, authorization, and accounting. RADIUS is often used in combination with access points, VPNs, and other technologies in which the protocol controls the dial-in or login to a computer network.
Network Policy Server [1] is Microsoft's implementation of the RADIUS protocol for Windows environments. RADIUS is the de facto standard for centralized authentication of dial-up connections over VPN and WiFi (IEEE 802.1X). During authentication, the service determines which user or computer is requesting access. To make sure the user or computer is who or what they claim to be, classic username and password procedures are used along with security tokens. Once the resource is uniquely identified, authorization takes over the assignment of rights and permissions. Accounting (account management) here refers to the logging performed by the Network Policy Server.
The RADIUS server handles authentication for the service (i.e., checking the username and password or certificates) and provides parameters for the connection to the client. The RADIUS server takes the authentication information used for this from its own configuration or determines it by querying other databases or directory services such as Active Directory (AD), in which the access credentials (e.g., username and password) are stored. In this way, all user settings can be managed centrally, regardless of the network infrastructure.
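The client-server exchange described above, as an added example that is not part of the original article and not Microsoft's NPS code: a minimal RFC 2865 Access-Request / Access-Accept round trip in Python, showing the User-Password hiding the RADIUS client (an access point or VPN gateway) applies with the shared secret, the server-side check against a user database, and the Response Authenticator the client verifies before trusting the answer. The shared secret, packet identifier, NAS address and user database are constructed sample values, and the "server" is a local function standing in for NPS.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def _attr(atype, value):
    # Attribute = Type (1) | Length (1, includes header) | Value
    return struct.pack("!BB", atype, len(value) + 2) + value


def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR block i with
    MD5(secret + previous ciphertext block); block 0 uses the Request
    Authenticator. This is obfuscation keyed by the shared secret, not
    strong encryption."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    n = max(len(password), 1)                       # an empty password still gets one block
    padded = password.ljust((n + 15) // 16 * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password, as performed by the RADIUS server."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")                      # strip padding (NUL cannot occur in a password)


def build_access_request(ident, username, password, secret, nas_ip, authenticator=None):
    """Client side: Code | Identifier | Length | Request Authenticator | attributes."""
    authenticator = authenticator or os.urandom(16)  # must be unpredictable per request
    attrs = _attr(USER_NAME, username)
    attrs += _attr(USER_PASSWORD, hide_password(password, secret, authenticator))
    attrs += _attr(NAS_IP_ADDRESS, bytes(int(x) for x in nas_ip.split(".")))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_packet(data):
    """Parse header and TLV attributes, rejecting inconsistent lengths."""
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length != len(data):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, data[4:20], attrs


def build_response(code, ident, request_authenticator, attrs, secret):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return head + resp_auth + attrs


def verify_response(data, request_authenticator, secret):
    """Client side: a reply is only trusted if its authenticator matches our request."""
    _, _, resp_auth, _ = parse_packet(data)
    expected = hashlib.md5(data[:4] + request_authenticator + data[20:] + secret).digest()
    return hmac.compare_digest(resp_auth, expected)


def server_decide(request, secret, userdb):
    """Stand-in for the RADIUS server: check the credentials against userdb
    (a constructed dict; NPS would consult Active Directory instead)."""
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST or USER_NAME not in attrs or USER_PASSWORD not in attrs:
        return build_response(ACCESS_REJECT, ident, req_auth, b"", secret)
    password = reveal_password(attrs[USER_PASSWORD], secret, req_auth)
    ok = hmac.compare_digest(userdb.get(attrs[USER_NAME], b"\x00"), password)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, b"", secret)


def run_exchange(username, password, secret, userdb, authenticator=None):
    """Full round trip; returns (response code, client-side authenticator check)."""
    req = build_access_request(7, username, password, secret, "192.0.2.10", authenticator)
    _, _, req_auth, _ = parse_packet(req)
    resp = server_decide(req, secret, userdb)
    code, _, _, _ = parse_packet(resp)
    return code, verify_response(resp, req_auth, secret)


if __name__ == "__main__":
    db = {b"alice": b"correct horse"}                # constructed sample user database
    print(run_exchange(b"alice", b"correct horse", b"s3cret", db))   # (2, True): Access-Accept
    print(run_exchange(b"alice", b"wrong", b"s3cret", db))           # (3, True): Access-Reject
```

Two points a defender should take from the exchange: the User-Password hiding is MD5-keyed XOR under a shared secret rather than modern encryption, and an Access-Request itself carries no integrity protection unless the Message-Authenticator attribute of RFC 2869 is present, which is why RADIUS traffic between access points and NPS belongs on a protected network segment or inside a TLS tunnel (RadSec). In 802.1X deployments NPS normally authenticates via EAP methods rather than the plain User-Password attribute shown here; the packet framing and authenticator checks are the same.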
In Windows Server 2000, Microsoft implemented its own RADIUS server under the name Internet Authentication Service (IAS). Starting with Windows Server 2008, Microsoft renamed IAS to Network Policy Server (NPS). Compared with IAS, NPS has a number of additional features, the most important being:
- Network Access