Configure the Message Authenticator attribute and shared secret

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure the Message Authenticator attribute and shared secret

Open Internet Authentication Service.
In the console tree, click RADIUS Clients.
In the details pane, double-click the client for which you want to edit the configuration.
To enable or disable use of the Message Authenticator attribute, click Request must contain the Message Authenticator attribute.
In Shared secret, type a shared secret. In Confirm shared secret, retype the shared secret.
Click OK to save your changes.

Notes

To open Internet Authentication Service, click Start, click Control Panel, double-click Administrative Tools, and then double-click Internet Authentication Service.
When you enable the Message Authenticator attribute, the entire RADIUS message is encrypted and the shared secret is used as the key. Shared secrets are case-sensitive. Verify that the client's shared secret and the shared secret that you type in Shared secret are identical. For more information, see Related Topics.
Enabling the use of the Message Authenticator attribute provides additional security when PAP, CHAP, MS-CHAP, and MS-CHAP v2 are used for authentication. EAP uses the Message Authenticator attribute by default and does not require that you enable it. For more information, see the topics listed below.
Shared secrets should be comprised of a 22-character or longer random sequence of letters, numbers, and punctuation and should be changed often to protect your IAS server and your RADIUS clients from online dictionary attacks. For more information, see the topics listed below.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.