Discussion:
Relaying acctg records with IAS
(too old to reply)
baskarguha@rediffmail.com
2009-03-14 22:37:13 UTC
Permalink
Folks -
Is there any way to relay (not be a proxy) accounting records that
(Win2K3 or Win2K7) IAS sees to a remote server? The idea is to have
the remote server crunch on the acctg stuff. Making IAS a proxy is
not what I want as it would force the remote server to also do
authentication which it cannot. Something similar to radrelay
functionality in freeradius.
Thanks
- Baskar
FenderAxe
2009-03-16 01:29:20 UTC
Permalink
Post by ***@rediffmail.com
Folks -
Is there any way to relay (not be a proxy) accounting records that
(Win2K3 or Win2K7) IAS sees to a remote server? The idea is to have
the remote server crunch on the acctg stuff. Making IAS a proxy is
not what I want as it would force the remote server to also do
authentication which it cannot. Something similar to radrelay
functionality in freeradius.
Thanks
- Baskar
Yeah you can do this in IAS, just configure a connection request policy to
forward accounting records but not authenticationn.

FA
Baskar Guha
2009-03-31 16:37:11 UTC
Permalink
Thanks. I have tried creating a new config policy and set the acctg records
to be fwded to a remote server group that I have also defined. For whatever
reason, I am not seeing the forwarded accounting records on my remote server
(freeradius). Any ideas as to how to troubleshoot this on the IAS side?
Post by FenderAxe
Post by ***@rediffmail.com
Folks -
Is there any way to relay (not be a proxy) accounting records that
(Win2K3 or Win2K7) IAS sees to a remote server? The idea is to have
the remote server crunch on the acctg stuff. Making IAS a proxy is
not what I want as it would force the remote server to also do
authentication which it cannot. Something similar to radrelay
functionality in freeradius.
Thanks
- Baskar
Yeah you can do this in IAS, just configure a connection request policy to
forward accounting records but not authenticationn.
FA
Baskar Guha
2009-04-02 08:53:02 UTC
Permalink
The only way I can see accounting info on the remote server is when I also
have authentication go there. So the question is if it is even possible with
IAS to authenticate locally and pass on the accounting info to a remote
server.
Post by Baskar Guha
Thanks. I have tried creating a new config policy and set the acctg records
to be fwded to a remote server group that I have also defined. For whatever
reason, I am not seeing the forwarded accounting records on my remote server
(freeradius). Any ideas as to how to troubleshoot this on the IAS side?
Post by FenderAxe
Post by ***@rediffmail.com
Folks -
Is there any way to relay (not be a proxy) accounting records that
(Win2K3 or Win2K7) IAS sees to a remote server? The idea is to have
the remote server crunch on the acctg stuff. Making IAS a proxy is
not what I want as it would force the remote server to also do
authentication which it cannot. Something similar to radrelay
functionality in freeradius.
Thanks
- Baskar
Yeah you can do this in IAS, just configure a connection request policy to
forward accounting records but not authenticationn.
FA
James McIllece [MS]
2009-06-03 19:33:57 UTC
Permalink
Post by ***@rediffmail.com
Folks -
Is there any way to relay (not be a proxy) accounting records that
(Win2K3 or Win2K7) IAS sees to a remote server? The idea is to have
the remote server crunch on the acctg stuff. Making IAS a proxy is
not what I want as it would force the remote server to also do
authentication which it cannot. Something similar to radrelay
functionality in freeradius.
Thanks
- Baskar
Hi Baskar --

You can forward accounting requests only to remote servers with IAS and
NPS. In other words, IAS and NPS servers can act as a RADIUS proxy that
forwards accounting messages to remote RADIUS servers, while performing
authentication and authorization locally.

The information on how to set this up is in the IAS and NPS Help.

Thanks --

James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
Loading...