AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting


  • Open the AuthLite Configuration application on the Domain Member Server you wish to set up as a RADIUS server. (Before version 2.0.62 it was a requirement to use a DC).

  • Under Service Configuration, select the "IAS/NPS Plugin" item

  • Select the "Enable IAS/NPS support on this server" checkbox

  • To allow more flexibility of RADIUS clients, you can select the "Permit requests that don't send the domain name."

  • Since Microsoft's IAS/NPS configuration dialogs are not AuthLite-aware, there is one additional setting you must select here. It controls how PAP requests will be processed.

    • One-factor (OTP in password field): In this mode, the server expects the username in the username field, and an OTP in the password field. This is the configuration you want to use if AuthLite is being used to validate only the OTP factor, and another process is being used to authenticate the user's name and password. For example, this is how Citrix and Juniper's two-factor authentication works.

  • Apply changes

  • Restart the AuthLite service and also the IAS/NPS service. Changes are only applied after the services restart.

  • You must set up an appropriate policy in IAS/NPS to allow connections from the RADIUS client of the proper authentication type.

  • You do not need to select between PAP and MS-CHAPv2 anywhere in the AuthLite interface, but the policy you configure on IAS/NPS will allow you to select between these settings.