Local User Accounts Cannot Log On to Radius Server

ID: Q197429


The information in this article applies to:
  • Microsoft Windows Server


SUMMARY

When you dial a Windows 2000 Radius server for authentication with a local Windows 2000 user account (as opposed to a domain account), you may not be able to log on.


MORE INFORMATION

The functionality in Windows 2000 Radius Server differs from earlier versions of Microsoft Radius Server included with Microsoft Internet Information Server (IIS) 4.0 and Microsoft Commercial Internet System (MCIS) 2.0.

In earlier versions, when you log on with a user name and password and do not specify a domain or local machine name, the Radius server first checks the local account database for the user name. If the account is not found, the Radius server checks the domain of which it is a member. If the user name is still not found, the Radius server checks all of the domains that have trust relationships with the domain of which the Radius server is a member.

A Windows NT 2000 Radius server checks only the domain controller of the domain of which the Radius server is a member. If you want to log on using an account local to the Radius server or an account in another domain, you must specify the Radius server machine name or a different domain name before your user name.

This is a more efficient logon process. However, when you use Radius proxying, you need to specify the full logon user name (such as "DomainName\UserName@radius-realm.com") so that the Radius logon request is routed to the correct Radius server. That Radius server then authenticates the account from the correct domain.
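
The following added example (not Microsoft code) models the two lookup orders described above and the parsing of a full logon name, so you can see which names resolve under each behavior. The machine, domain, and account names are constructed, and treating the text after "@" as the routing realm is an assumption based on the sample name in this article.

```python
# Constructed model of the two lookup behaviors described in this article.
# All machine, domain and account names below are made up for illustration.
RADIUS_HOST = "RADSRV1"          # machine name of the Radius server (assumed)
MEMBER_DOMAIN = "CORP"           # domain the Radius server is a member of
TRUSTED_DOMAINS = ["PARTNER"]    # domains that trust / are trusted by CORP

ACCOUNTS = {                     # account database -> user names it holds
    "RADSRV1": {"localdial"},
    "CORP": {"alice"},
    "PARTNER": {"bob"},
}

def parse_logon_name(name):
    """Split 'Domain\\User@realm' into (realm, domain, user); parts may be None."""
    realm = None
    if "@" in name:
        name, realm = name.rsplit("@", 1)
    domain = None
    if "\\" in name:
        domain, name = name.split("\\", 1)
    return realm, domain, name

def search_order(domain, legacy):
    """Account databases consulted, in order, for a given prefix."""
    if domain:                       # explicit machine or domain name
        return [domain.upper()]
    if legacy:                       # IIS 4.0 / MCIS 2.0 behavior
        return [RADIUS_HOST, MEMBER_DOMAIN] + TRUSTED_DOMAINS
    return [MEMBER_DOMAIN]           # Windows 2000 behavior

def resolve(name, legacy=False):
    """Return the database in which the account is found, or None."""
    _realm, domain, user = parse_logon_name(name)
    for db in search_order(domain, legacy):
        if user.lower() in ACCOUNTS.get(db, set()):
            return db
    return None

if __name__ == "__main__":
    for n in ("localdial", "RADSRV1\\localdial", "bob", "PARTNER\\bob"):
        print(f"{n!r}: earlier={resolve(n, legacy=True)} win2000={resolve(n)}")
    print(parse_logon_name("CORP\\alice@radius-realm.com"))
```

A result of None for the Windows 2000 column corresponds to the failed logon described in the SUMMARY section.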

Keywords : kbnetwork ntras
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved.