Internet Authentication Service on DC?

Is it possible to install the Internet Authentication Service (RADIUS server) for wireless AP on a W2K3 domain controller?
Any conflicts with domain controller GPOs?
Gaute
 
It's possible to run RADIUS on a domain controller but not recommended. DCs
should be used solely as DCs in an ideal world, but of course the mighty
dollar sometimes dictates otherwise.
Conflicting GPOs will depend entirely on what settings you have enabled, but
GPOs are specific to OUs, domains and sites, not particular network
services, so you shouldn't see a conflict in GPOs.

Gaute said:
Is it possible to install the Internet Authentication Service (RADIUS
server) for wireless AP on a W2K3 domain controller?
 
Why is this "not recommended"?

What could happen - performance, security, scalability, operational problems, other risks???

My impression is that Windows architects (as opposed to host architects) prefer the "one application-one box" solution just because that is what they are used to, without having evaluated nor discussed consolidated solutions.

Gaute
 
It's not recommended to run any other services on a DC if the budget will
allow for it. The simple reason for this is to reduce the attack surface of
a DC. As Active Directory is a critical function on many networks, you want
these boxes made as secure as possible, and the most basic way you can do
this is to run as few services as possible on these servers with as few open
ports as you can get away with.
When you add new servers to a network you will generally scale up or scale
out. One application, one box is scaling out. Two applications, bigger box
is scaling up, and both solutions will be valid for different situations. But
the advice for DCs always remains the same: don't run anything else on them
if your budget allows for it.

Gaute said:
Why is this "not recommended"?

What could happen - performance, security, scalability, operational problems, other risks???

My impression is that Windows architects (as opposed to host architects)
prefer the "one application-one box" solution just because that is what they
are used to, without having evaluated nor discussed consolidated solutions.
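
The attack-surface argument in the reply above can be checked on a real box by comparing what the DC listens on against what the DC role needs. The following is an added example, not part of the thread: the baseline port set, the function names and the `netstat -an` sample are assumptions constructed for illustration, and dynamic RPC ports are not modelled.

```python
# Added example: diff a DC's listeners against a DC-role baseline.
# Baseline is an assumption for a W2K3 DC that also runs DNS; adjust it.
DC_BASELINE = {
    ("TCP", 53), ("UDP", 53),                  # DNS
    ("TCP", 88), ("UDP", 88),                  # Kerberos
    ("UDP", 123),                              # NTP (W32Time)
    ("TCP", 135),                              # RPC endpoint mapper
    ("UDP", 137), ("UDP", 138), ("TCP", 139),  # NetBIOS
    ("TCP", 389), ("UDP", 389),                # LDAP
    ("TCP", 445),                              # SMB
    ("TCP", 464), ("UDP", 464),                # Kerberos password change
    ("TCP", 636),                              # LDAPS
    ("TCP", 3268), ("TCP", 3269),              # Global catalog
}
# RADIUS authentication/accounting ports, current and legacy.
RADIUS_PORTS = {("UDP", 1812), ("UDP", 1813), ("UDP", 1645), ("UDP", 1646)}

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.23:1190         ESTABLISHED
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:88             *:*
  UDP    0.0.0.0:1812           *:*
  UDP    0.0.0.0:1813           *:*
"""

def listening_sockets(netstat_text):
    """Return {(proto, port)} for TCP listeners and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # established connections are not listeners
        port = fields[1].rsplit(":", 1)[-1]
        if port.isdigit():
            found.add((fields[0], int(port)))
    return found

def extra_exposure(netstat_text):
    """Split non-baseline listeners into RADIUS (IAS) and everything else."""
    extra = listening_sockets(netstat_text) - DC_BASELINE
    return sorted(extra & RADIUS_PORTS), sorted(extra - RADIUS_PORTS)

if __name__ == "__main__":
    print(extra_exposure(SAMPLE_NETSTAT))
```

The first list is the exposure that co-hosting IAS adds to the DC; anything in the second list is a listener that neither role explains and is worth reviewing.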
 