Custom attributes in remote access policy condition

Custom attributes in remote access policy condition

Post by Sthane Ric » Wed, 30 Jan 2008 16:54:48


his is a multi-part message in MIME format.


Our provider (BT) provides a service called Internet Proxy Radius Service. With this service they are sending to our Radius server all connection requests to the network.
Authentication request messages contains some custom attributes from BT/Infonet:

for sample:
++++++++

...

10/17/00 04:15:51.682 RADIUS.debug radius com.lucent.ra.bs.rabm.server.RadiusSin

k.proxyAccountingRequest Send Accounting-Request(1) to .......(customer radius svr)

Permit = "defaultsvcid"

Service = "defaultsvcid"

Config = "defaultsvcid"

Infonet-Surcharge-Type = 1 <<== toll free

"infonet-surcharge-type"

as vender specific attribute,

comes with attribute #254,



We are trying to find a way to use those custom attributes in remote access policy conditions.

Question 1: Is it possible to do it using IAS (the list of available attributes in condition does not seem extensible)

Question 2: Will NPS in Windows 2008 have a solution?



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16587" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Arial size=2>Our provider (BT) provides a service called
Internet Proxy Radius Service. With this service they are sending to our Radius
server all connection requests to the network.</FONT></DIV>
<DIV><FONT face=Arial size=2>Authentication request messages contains some
custom attributes from BT/Infonet:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>for sample:</FONT></DIV>
<DIV>
<P align=left><FONT face=Arial size=2>++++++++</FONT></P>
<P align=left><FONT face=Arial size=2>..</FONT></P>
<P align=left><FONT face="Courier New" size=2>10/17/00 04:15:51.682 RADIUS.debug
radius com.lucent.ra.bs.rabm.server.RadiusSin</FONT></P>
<P align=left><FONT face="Courier New" size=2>k.proxyAccountingRequest Send
Accounting-Request(1) to .......(customer radius svr)</FONT></P>
<P align=left><FONT face="Courier New" size=2>Permit = "defaultsvcid"</FONT></P>
<P align=left><FONT face="Courier New" size=2>Service =
"defaultsvcid"</FONT></P>
<P align=left><FONT face="Courier New" size=2>Config = "defaultsvcid"</FONT></P>
<P align=left><FONT face="Courier New" size=2><STRONG>Infonet-Surcharge-Type = 1
<<== toll free</STRONG></FONT></P>
<P align=left><FONT face="Courier New"
size=2>"infonet-surcharge-type"</FONT></P>
<P align=left><FONT face="Courier New" size=2>as vender specific
attribute,</FONT></P>
<P align=left><FONT face="Courier New" size=2>comes with attribute
#254,</FONT></P>
<P align=left><FONT face=Arial size=2></FONT> </P>
<P align=left><FONT face=Arial size=2>We are trying to find a way to use those
custom attributes in remote access policy conditions. </FONT></P>
<P align=left><FONT face=Arial size=2>Question 1: Is it
 
 
 

Custom attributes in remote access policy condition

Post by S. Pidgorn » Thu, 31 Jan 2008 19:06:51

Not that I'm aware of. IAS's best feature is simplicity - you get what's
there in documentation and UI.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://www.yqcomputer.com/ * http://www.yqcomputer.com/ *



Our provider (BT) provides a service called Internet Proxy Radius Service.
With this service they are sending to our Radius server all connection
requests to the network.
Authentication request messages contains some custom attributes from
BT/Infonet:

for sample:
++++++++

..

10/17/00 04:15:51.682 RADIUS.debug radius
com.lucent.ra.bs.rabm.server.RadiusSin

k.proxyAccountingRequest Send Accounting-Request(1) to .......(customer
radius svr)

Permit = "defaultsvcid"

Service = "defaultsvcid"

Config = "defaultsvcid"

Infonet-Surcharge-Type = 1 <<== toll free

"infonet-surcharge-type"

as vender specific attribute,

comes with attribute #254,



We are trying to find a way to use those custom attributes in remote access
policy conditions.

Question 1: Is it possible to do it using IAS (the list of available
attributes in condition does not seem extensible)

Question 2: Will NPS in Windows 2008 have a solution?

 
 
 

Custom attributes in remote access policy condition

Post by Sthane Ric » Thu, 31 Jan 2008 23:04:58

Thanks for your answer however not really helpful for us.

Do you know if Windows 2008/NPS will give us such an option?