Use this wizard page to configure the source of authentication for RRAS.
- If you select No, then the RRAS server
performs its own authentication. The user credentials sent by users
attempting connections are authenticated using typical Windows
authentication mechanisms, and the connection attempt is authorized
using the remote client’s user account properties and network
policies. The remote access server must be joined to a domain to
authenticate with Active Directory Domain Services (AD DS).
Permissions for VPN and dial-up users are configured in Active
Directory Users and Computers, on the Dial-in tab of the
User Properties dialog box. By default, the Active Directory
setting refers to Network Policy Server (NPS), but can be
configured to allow or deny access to a user account.
- If you select Yes, then Remote
Authentication Dial-In User Service (RADIUS) performs
authentication for the RRAS server. User credentials and parameters
for the connection request are sent as RADIUS request messages to a
RADIUS server. The RADIUS server receives a user-connection request
from the RRAS server and authenticates and authorizes the
connection attempt. The RADIUS server must be joined to a domain to
authenticate with AD DS.
If you have more than one remote access server, instead of administering the network policies of all the remote access servers separately, you can configure a single server with NPS as a RADIUS server and configure the remote access servers as RADIUS clients. The server running NPS provides centralized remote access authentication, authorization, accounting, and auditing.