Connection request policies are sets of conditions and settings that allow network administrators to designate which Remote Authentication Dial-In User Service (RADIUS) servers perform the authentication and authorization of connection requests that the server running Network Policy Server (NPS) receives from RADIUS clients.
The default connection request policy uses NPS as a RADIUS server and processes all authentication requests locally.
To configure a server running NPS to act as a RADIUS proxy and forward connection requests to other NPS or RADIUS servers, you must configure a remote RADIUS server group in addition to adding a new connection request policy that specifies conditions and settings that the connection requests must match.
You can create a new remote RADIUS server group while you are creating a new connection request policy with the New Connection Request Policy Wizard.
If you do not want the NPS server to act as a RADIUS server and process connection requests locally, you can delete the default connection request policy.
If you want the NPS server to act as both a RADIUS server, processing connection requests locally, and as a RADIUS proxy, forwarding some connection requests to a remote RADIUS server group, add a new policy using the following procedure and then verify that the default connection request policy is the last policy processed.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
|To add a new connection request policy|
Open the NPS console, and then double-click Policies.
In the console tree, right-click Connection Request Policies, and then click New Connection Request Policy.
Use the New Connection Request Policy Wizard to configure your connection request policy and, if not previously configured, a remote RADIUS server group.