How to insert a ratEAPTLV attribute?

Post by Washington » Tue, 29 Nov 2005 23:07:53


Hi people,
Does anyone know how to insert a ratEAPTLV (URI EAP-TLV)?

I'm using a struct definition like this:

typedef struct _PEAPTLV_URI
{
    int   TLVMand:1;        // one BIT using 0 non mandatory
    int   TLVReserved:1;    // one BIT using 0
    int   TLVType:14;       // 14 BITS using 8 TLV URI
    UCHAR TLVValueLength;   // the URI length
    UCHAR TLVValue[UNLEN];  // the HTTPS URI
} PEAPTLV_URI, *pPEAPTLV_URI;

If I set the attribute type to rdtUnknown I receive an error code 87.
If I set the attribute type as rdtString I receive 0 as success, but after
the return to IAS the EAP function RasEapMakeMessage fails as you can see on
iassam.log:

[2340] 11-28 10:58:59:328: Issuing Access-Challenge.
[2340] 11-28 10:58:59:328: Invoking AuthorizationDLLs
[2340] 11-28 10:58:59:328: Invoking extension IASGuest.dll
[2340] 11-28 10:58:59:328: RADIUS_ATTRIBUTE_ARRAY.Add(rcAccessRequest, 273)
[2340] 11-28 10:58:59:328: RadiusExtensionProcess2 returned 0
[2340] 11-28 10:58:59:328: RasEapMakeMessage failed: An internal error occurred.
[2340] 11-28 10:58:59:328: Caught COM exception: An internal error occurred.

Can someone help me, please?

Thanks in advance.
 
 
 

Post by Tom Eirik » Wed, 30 Nov 2005 00:12:00

Hello Moreira!

Where are you changing this? You are changing something in a file, which
file?

I want to reg a *.DLL in IAS and give the winxp client an http address, are
you changing in this file?

Maybe you can give me information..
-------------------------------------------------
"Washington Moreira" < XXXX@XXXXX.COM > wrote in message

 
 
 

Post by Washington » Wed, 30 Nov 2005 02:45:15

Hi Tom,

The URI that Windows XP uses to get provisioning information should be
inserted by an IAS Authorization DLL. Then IAS sends the URI inside an
EAP-TLV packet.
Your client (Windows XP) must be updated with SP2, and if your access points
support WPA2 you need another update from MS: WindowsXP KB893357.

I can't find any commercial version of a WPS Authorization DLL on the
market. MS's documentation says that we need to develop this DLL. There is
public documentation where you can find more details:
http://www.yqcomputer.com/

This documentation is good but lacks some information.
I hope that someone here can help me with this missing information.

TKS

Washington Moreira
 
 
 

Post by Tom Eirik » Wed, 30 Nov 2005 03:27:31

Thanks..
I understand everything you said, but I don't know what to use to make a DLL,
Visual Basic, Visual C++? I know how to set a regkey in the registry to the
DLL. I have made the *.XML documents and placed them into IIS 6.0, but
the access points are not supporting WPA2 or AES. Does this play a role?

Just to tell you more about this network I have: 240 computers, 2 domain
controllers, one IIS, IAS on one of the controllers, RIS.

thanks...


"Washington Moreira" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...


 
 
 

Post by Washington » Wed, 30 Nov 2005 04:10:09

Hi Tom,
This DLL needs to be developed in C or C++ and must export the following
functions:
RadiusExtensionInit
RadiusExtensionTerm
RadiusExtensionProcess2.

You can change and add attribute values if you implement
RadiusExtensionProcess2. (RadiusExtensionProcessEx can only add, so it can't be
used in the WPS scenario.)

Your https URL goes in the last field of the PEAP-TLV packet structure, but the
URI format must include an action type at the end of the URI, for example:
https://yourdomain/wpsxmls/master.xml#signup. The action type chosen
depends on values reported by other RADIUS attributes such as ratUserName, and
if you see a rejected connection, the attribute ratRejectReasonCode should
be examined to determine the correct action. As another example, if the
reason code points to the rrrcAccountExpired enumeration, you can send
https://yourdomain/wpsxmls/master.xml#renewal.

TKS

Washington Moreira







"Tom Eirik Jensen" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...
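
Added example, not part of any post in this thread and not Microsoft's code: one way to build the URI TLV payload discussed above, choosing the action fragment from the reject reason and writing the header bytes explicitly instead of relying on C bit-field layout. The two-octet big-endian length field, the `reject_reason` enum and the function names are assumptions made for the example; the thread does not confirm the exact layout IAS expects for ratEAPTLV.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_TYPE_URI 8u   /* URI TLV type quoted in the thread */

/* Hypothetical stand-ins for the reject reasons the extension DLL inspects. */
enum reject_reason { REASON_NONE, REASON_ACCOUNT_EXPIRED };

/* Action fragments named in the thread: #renewal for expiry, else #signup. */
static const char *wps_action(enum reject_reason r)
{
    return r == REASON_ACCOUNT_EXPIRED ? "renewal" : "signup";
}

/* Serialise M(1) R(1) Type(14) | Length(16) | Value into out[] (assumed
 * layout). Bytes are written one by one in network order, so the result does
 * not depend on bit-field packing or host endianness.
 * Returns the bytes written, or 0 if any bounds or scheme check fails. */
size_t build_uri_tlv(const char *base_url, enum reject_reason r,
                     int mandatory, uint8_t *out, size_t out_len)
{
    char uri[512];
    int n = snprintf(uri, sizeof uri, "%s#%s", base_url, wps_action(r));

    if (n < 0 || (size_t)n >= sizeof uri)      /* URI would be truncated */
        return 0;
    if (strncmp(uri, "https://", 8) != 0)      /* the thread uses an HTTPS URI */
        return 0;
    if ((size_t)n + 4 > out_len)               /* header + value must fit */
        return 0;

    uint16_t hdr = (uint16_t)((mandatory ? 0x8000u : 0u) | TLV_TYPE_URI);
    out[0] = (uint8_t)(hdr >> 8);
    out[1] = (uint8_t)(hdr & 0xFF);
    out[2] = (uint8_t)((unsigned)n >> 8);
    out[3] = (uint8_t)((unsigned)n & 0xFF);
    memcpy(out + 4, uri, (size_t)n);           /* value carries no NUL */
    return (size_t)n + 4;
}

int main(void)
{
    uint8_t buf[600] = {0};
    size_t len = build_uri_tlv("https://yourdomain/wpsxmls/master.xml",
                               REASON_ACCOUNT_EXPIRED, 0, buf, sizeof buf);
    printf("URI TLV is %zu bytes, type %u\n", len, (unsigned)buf[1]);
    return len ? 0 : 1;
}
```

Building the buffer byte by byte also makes the length check explicit, so an over-long URI is rejected before anything is copied.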


 
 
 

Post by Eliot Gabl » Thu, 01 Dec 2005 05:06:18

Download the Microsoft Platform SDK and take a look at the
Samples/NetDS/IAS/ samples that it installs. They should get you started on
the DLL. You will use nmake to do the building using a standard Makefile. If
you do not have Visual Studio, you will also need to download the build
environment from Microsoft.

"Tom Eirik Jensen" < XXXX@XXXXX.COM > wrote in message
news: XXXX@XXXXX.COM ...



 
 
 

Post by Eliot Gabl » Thu, 01 Dec 2005 05:12:55

I actually tried this same thing. I, too, get an error 87 (which, according
to the SDK documentation, has something to do with an invalid index). I got
past the error by using rdtString instead of rdtUnknown, but I still do not
see the EAP-TLV URI attribute in the packet that goes out. To test it, I
wrote a debug function that dumps all the packet AVPs in plain-text for me
to see. This is a sample of my output from my debugging code:


Entered RadiusExtensionProcess2.
Received Access-Request packet:
Received Access-Reject packet:
Framed-MTU = 1400
Called-Station-Id = <mac address here>
Calling-Station-Id = <mac address here>
Service-Type = 1
Message-Authenticator = 0x6BFFFF5DFFFFFF776EFFFF255BFFFF25
EAP-Message = 0x2
NAS-Port-Type = 19
NAS-Port = 332
NAS-IP-Address = <ip address here>
NAS-Identifier = WorthTWP-Ch1
Source-IP-Address = <ip address here>
Source-Port = 1645
Identifier = 139
Authenticator = 0x34FF1635FF6256193745FF39FF6AFFFFFFFFD2
Provider = 3
CRP-Policy-Name = 0x5573652057696E646F77732061757468656E7469636174696F6E20666F7220616C6C20757365727300
Stripped-User-Name = <guest account name here>
Policy-Name = 0x47756573742041636365737300
FQ-User-Name = <guest account name here>
State = 0x1D5E3
Unique-Id = 10
Framed-Protocol = 1
Service-Type = 2
Tunnel-Medium-Type = 6
Tunnel-Private-Group-ID = 3
Tunnel-Type = 13
Access-Request packet found.
Obtaining Access-Reject response attributes.
Obtaining Access-Request attributes.
Obtaining important RADIUS attributes.
Finding the EAP-TLV packet with Status-Result of TLV (type 3).
Checking reject reason code.
Reject reason code attribute not found in reject packet. Converting to Access-Accept
Entered AccessAccept().
Converting response to Access-Accept packet.
Replacing first attribute of ratFramedProtocol.
Attribute found at index 0.
Success. Attribute replaced or added.
Done replacing attribute. Returning with result: 0.
Replacing first attribute of ratTunnelType.
Attribute found at index 4.
Success. Attribute replaced or added.
Done replacing attribute. Returning with result: 0.
Replacing first attribute of ratTunnelMediumType.
Attribute found at index 2.
Success. Attribute replaced or added.
Done replacing attribute. Returning with result: 0.
Replacing first attribute of ratTunnelPrivateGroupID.
Attribute found at index 3.
Success. Attribute replaced or added.
Done replacing attribute. Returning with result: 0.
Received Access-Request packet:
Received Access-Accept packet:
Framed-MTU = 1400
Called-Station-Id = <mac address here>
Calling-Station-Id = <mac address here>
Service-Type = 1
Message-Authenticator = 0x6BFFFF5DFFFFFF776EFFFF255BFFFF25
EAP-Message = 0x2
NAS-Port-Type = 19
NAS-Port = 332
NAS-IP-Address = <ip address here>
NAS-Identifier = WorthTWP-Ch1
Source-IP-Address = <ip address here>
Source-Port = 1645
Identifier = 139
Authenticator = 0x34FF1635FF6256193745FF39FF6AFFFFFFFFD2
Provider = 3
CRP-Policy-Name = 0x5573652057696E646F77732061757468656E7469636174696F6E20666F7220616C6C20757365727300
Stripped-User-Name = <guest username here>
Policy-Name = 0x47756573742041636365737300
FQ-User-Name = <guest username here>
State = 0x1D5E3
Unique-Id = 10
Framed-Protocol = 1
Service-Type = 2
Tunnel-Medium-Type = 6
Tunnel-Privat