遠端 RADIUS 伺服器群組Remote RADIUS Server Groups

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

當您設定的遠端驗證 Dial 使用者服務 (RADIUS) proxy 的網路原則 Server (NPS) 時,您可以使用 NPS RADIUS 伺服器正處理連接要求,因為它們可以在 account 使用者或電腦位於網域中執行驗證和授權的請求連接轉送給。When you configure Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) proxy, you use NPS to forward connection requests to RADIUS servers that are capable of processing the connection requests because they can perform authentication and authorization in the domain where the user or computer account is located. 例如,如果您想要轉送連接要求受信任的網域中的一或多個 RADIUS 伺服器,您可以設定 NPS RADIUS proxy 轉送未受信任的網域中的遠端 RADIUS 伺服器要求為。For example, if you want to forward connection requests to one or more RADIUS servers in untrusted domains, you can configure NPS as a RADIUS proxy to forward the requests to the remote RADIUS servers in the untrusted domain.

注意

遠端 RADIUS 伺服器群組是無關和分開 Windows 群組。Remote RADIUS server groups are unrelated to and separate from Windows groups.

若要設定 NPS RADIUS proxy 為,您必須建立連接要求原則,其中包含所有的 NPS 評估轉送給的簡訊,以及將訊息傳送所需的資訊。To configure NPS as a RADIUS proxy, you must create a connection request policy that contains all of the information required for NPS to evaluate which messages to forward and where to send the messages.

當您 NPS RADIUS 伺服器群組遠端設定,您可以設定連接要求原則群組您指定轉送連接要求 NPS 的位置。When you configure a remote RADIUS server group in NPS and you configure a connection request policy with the group, you are designating the location where NPS is to forward connection requests.

設定適用於群組 RADIUS 伺服器Configuring RADIUS servers for a group

遠端 RADIUS 伺服器群組是一個包含一或多個 RADIUS 伺服器命名的群組。A remote RADIUS server group is a named group that contains one or more RADIUS servers. 如果您設定一個以上的伺服器,您可以指定負載平衡設定,以確定的訂單伺服器由 proxy,或是 RADIUS 訊息的流量分配避免載太多連接要求伺服器一或多個群組中的所有伺服器。If you configure more than one server, you can specify load balancing settings to either determine the order in which the servers are used by the proxy or to distribute the flow of RADIUS messages across all servers in the group to prevent overloading one or more servers with too many connection requests.

每個群組中的伺服器具有下列設定。Each server in the group has the following settings.

  • 名稱或地址Name or address. 每個群組成員必須群組中的唯一名稱。Each group member must have a unique name within the group. 名稱可能 IP 位址,或是的名稱解析為 IP 位址。The name can be an IP address or a name that can be resolved to its IP address.

  • 驗證及計量Authentication and accounting. 您可以向前驗證要求、計量要求,或兩者設定為每個遠端 RADIUS 伺服器群組成員。You can forward authentication requests, accounting requests, or both to each remote RADIUS server group member.

  • 負載平衡Load balancing. 優先順序設定用來表示群組成員主要伺服器(的優先順序設定為 [1)。A priority setting is used to indicate which member of the group is the primary server (the priority is set to 1). 具有相同的優先順序群組成員,減重設定用來頻率計算每個伺服器傳送 RADIUS 訊息。For group members that have the same priority, a weight setting is used to calculate how often RADIUS messages are sent to each server. 您可以使用額外的設定來設定 NPS 伺服器偵測到群組成員第一次不使用時,可供使用時已經判斷無法後的方式。You can use additional settings to configure the way in which the NPS server detects when a group member first becomes unavailable and when it becomes available after it has been determined to be unavailable.

設定遠端 RADIUS 伺服器群組之後,您可以指定群組中驗證計量連接要求原則設定。After you have configured a Remote RADIUS Server Group, you can specify the group in the authentication and accounting settings of a connection request policy. 因此,您可以設定遠端 RADIUS 伺服器群組第一次。Because of this, you can configure a remote RADIUS server group first. 接下來,您可以設定要使用的新設定遠端 RADIUS 伺服器群組連接要求原則。Next, you can configure the connection request policy to use the newly configured remote RADIUS server group. 或者,您可以使用新的連接要求原則精靈建立連接要求原則時,建立新的遠端 RADIUS 伺服器群組。Alternatively, you can use the New Connection Request Policy Wizard to create a new remote RADIUS server group while you are creating the connection request policy.

如需 NPS 的詳細資訊,請查看的網路原則 Server (NPS)For more information about NPS, see Network Policy Server (NPS).