Internet Authentication Service (IAS) is a component of

Windows Server Windows Server (formerly Windows NT Server) is a group of operating systems (OS) for servers that Microsoft has been developing since July 27, 1993. The first OS that was released for this platform was Windows NT 3.1 Advanced Server. With the r ...

operating systems that provides centralized user authentication, authorization and accounting.

Overview

While

Routing and Remote Access Service Routing and Remote Access Service (RRAS) is a Microsoft API and server software that makes it possible to create applications to administer the routing and remote access service capabilities of the operating system, to function as a network router ...

(RRAS) security is sufficient for small networks, larger companies often need a dedicated infrastructure for authentication.

RADIUS In classical geometry, a radius ( : radii) of a circle or sphere is any of the line segments from its center to its perimeter, and in more modern usage, it is also their length. The name comes from the latin ''radius'', meaning ray but also the ...

is a standard for dedicated authentication servers.

Windows 2000 Server Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officiall ...

and

Windows Server 2003 Windows Server 2003 is the sixth version of Windows Server operating system produced by Microsoft. It is part of the Windows NT family of operating systems and was released to manufacturing on March 28, 2003 and generally available on April 24, 2 ...

include the Internet Authentication Service (IAS), an implementation of RADIUS server. IAS supports authentication for Windows-based clients, as well as for third-party clients that adhere to the RADIUS standard. IAS stores its authentication information in

Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...

, and can be managed with Remote Access Policies. IAS first showed up for

Windows NT 4.0 Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 3.51, which was released to manufacturing on July 31, 1996, and then to retail ...

in the Windows NT 4.0 Option Pack and in ''Microsoft Commercial Internet System (MCIS)'' 2.0 and 2.5. While IAS requires the use of an additional server component, it provides a number of advantages over the standard methods of RRAS authentication. These advantages include centralized authentication for users, auditing and accounting features, scalability, and seamless integration with the existing features of RRAS. In

Windows Server 2008 Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on Fe ...

Network Policy Server Network Policy and Access Services (NPAS) is a component of Windows Server 2008. It replaces the Internet Authentication Service (IAS) from Windows Server 2003. NPAS helps you safeguard the health and security of a network. The NPAS server role inc ...

(NPS) replaces the Internet Authentication Service (IAS). NPS performs all of the functions of IAS in Windows Server 2003 for VPN and 802.1X-based wireless and wired connections and performs health evaluation and the granting of either unlimited or limited access for

Network Access Protection Network Access Protection (NAP) is a Microsoft technology for controlling network access of a computer, based on its health. With NAP, system administrators of an organization can define policies for system health requirements. Examples of system h ...

clients.

Logging

By default, IAS logs to local files (%systemroot%\LogFiles\IAS\*) though it can be configured to log to SQL as well (or in place of). When logging to SQL, IAS appears to wrap the data into

XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. T ...

, then calls the stored procedure report_event, passing the XML data as text... the stored procedure can then unwrap the XML and save data as desired by the user.

History

The initial version of Internet Authentication Service was included with the

Option Pack. Windows 2000 Server's implementation added support for more intelligent resolution of user names that are part of a

Windows Server domain A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controlle ...

, support for

UTF-8 UTF-8 is a variable-width encoding, variable-length character encoding used for electronic communication. Defined by the Unicode Standard, the name is derived from ''Unicode'' (or ''Universal Coded Character Set'') ''Transformation Format 8-bit'' ...

logging, and improved security. It also added support for EAP Authentication for

IEEE 802.1x IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines t ...

networks. Later on it added PEAP (with service Pack 4). Windows Server 2003's implementation introduces support for logging to a

Microsoft SQL Server Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which ma ...

database, cross-forest authentication (for Active Directory user accounts in other Forests that the IAS server's Forest has a cross-forest trust relationship with, not to be confused with Domain trust which has been a feature in IAS since NT4), support for

IEEE 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines t ...

port-based authentication, and other features.Windows Server 2003: Network Protocols and Technologies
/ref> All versions of IAS support multi domain setups. Only Windows Server 2003 supports cross forest. While NT4 version includes a Radius Proxy, Windows 2000 didn't have such a feature. Windows Server 2003 reintroduced the feature and is capable of intelligently proxy, load balance, and tolerate faults from faulty or unreachable back-end servers.

References

External links

Deploying Internet Authentication Service (IAS)
in Windows 2003
Internet Authentication Service
in the Microsoft Windows 2000 Resource Kit
Article describing how to log IAS (RADIUS) + DHCP to SQL
* * {{webarchive , date=2012-12-05 , url=https://archive.today/20121205235549/http://articles.techrepublic.com.com/5100-1035-6148560.html , title=How to self-sign a RADIUS server for secure PEAP or EAP-TTLS authentication
IAS Log parsing utility. Allows to visualize ias log files
Microsoft Windows security technology Windows Server Microsoft server technology Computer access control Internet security