locked
VSA in NPS accounting RRS feed

  • Question

  • Hi, 

    I am trying to set up accounting with NPS. Is it possible to get VSA id(26) to be translated into the plaintext string? Our vendor brand is not by default included in the NPS. Currently when we create information with this id it will just turn up as hex string in the logfile including what i think is vendorid and other things. 

    I don't want to use the field to send information to the "client" just to account data and use the VSA field to complement more information. 

    BR
    Lars

    Monday, March 19, 2012 4:08 PM

Answers

  • Hi Steven,

    We have solved the problem by making our own conversion even though it would have been better if it was just the plaintext string. I will post our solution here in case someone else need it.

    ----------------------------------------------------------------------------------

    We built a clr function in Visual Studio. Compiled it into the MS SQL to be used in the database:

        [Microsoft.SqlServer.Server.SqlFunction]
        public static SqlString fn_HexToAscii(SqlString hexString)
        {
            SqlString returnVal = null;


            if (hexString.Value != null && hexString.Value.Length > 0)
            {
                string value = hexString.Value;


                StringBuilder strb = new StringBuilder();


                if (value.Length % 2 == 0)
                {
                    for (int i = 0; i <= value.Length - 2; i += 2)
                    {
                        strb.Append(Convert.ToChar(int.Parse(value.Substring(i, 2), System.Globalization.NumberStyles.HexNumber)));
                    }


                    returnVal = new SqlString(strb.ToString());
                }
                else
                {
                    throw new ArgumentException("Invalid hex string passed, uneven number unable to divide it by 2");
                }
            }
            else
            {
                throw new ArgumentException("Argument must not be null or an empty string!");
            }


            return returnVal;
        }

    --------------------------------------------------------------------------------------------------

    In report_event stored procedure:

    DECLARE @Clavister_If_Name NVARCHAR(255)
    SET @Clavister_If_Name = (SELECT  dbo.fn_HexToAscii(SUBSTRING([Vendor-Specific],67,LEN([Vendor-Specific])-68))
    FROM    OPENXML (@idoc,'/Event/Vendor-Specific',2)
    WITH ([Vendor-Specific] NVARCHAR(MAX) '.') WHERE [Vendor-Specific] like '000013E102%')

    Then use this in the insertion to the table.

    -----------------------------------------------------------------------------

    Hope this is helpful to someone else. 

    BR
    Lars


    MS Lars


    Friday, March 23, 2012 1:15 PM

All replies

  • Hi Lars,

    Thanks for posting here.

    But ID 26 does Text type and it was still shown as hex string in log ?

    Interpret IAS Format Log Files
    http://technet.microsoft.com/en-us/library/dd197432(v=ws.10).aspx

    Key concepts for IAS SQL Server logging
    http://technet.microsoft.com/en-us/library/cc778830(v=ws.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Tuesday, March 20, 2012 10:39 AM
  • Hi,

    Thanks for the answer. Yes, I get hex in the field.

    Here you have the capture data from that field

    1A 35 00 00 13 E1 02 2F 43 6C 61 76 69 73 74 65 72 2D 49 6E 74 65 72 66 61 63 65 2D 4E 61 6D 65 3D 20 22 76 6C 61 6E 31 30 5F 75 62 75 6E 74 75 5F 64 65 76 22
    .5...á./Clavister-Interface-Name= "vlan10_ubuntu_dev"

    And in the log file i get it like this:

    <Vendor-Specific data_type="2">
     000013E1022F436C617669737465722D496E746572666163652D4E616D653D2022766C616E31305F7562756E74755F64657622</Vendor-Specific>

    Hope you can help me a bit more with this information.

    Also to note, I work for a firewall developer and we are trying to implement this to get it working.

    BR

    Lars


    MS Lars

    Tuesday, March 20, 2012 12:25 PM
  • Hi Lars,

    Would you please describe your goal in more detail? What do you want the hex string to be?

    Best Regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, March 21, 2012 1:44 PM
  • Hi,

    OK, I will try and describe what I am trying to achieve.

    We are trying to make it possible to use MS NPS as radius. In our firewall we are using authentication on mac address so the "username" is mac address. Due to this we can also set up NPS accounting and get data on mac address level for billig purpose on clients. The clients could be set up on different vlan:s and such we need that information included in the accountning packets. Our idéa then was to use the vendor specific id (26) and send interface name and if we have interface id we send that also. Now from we understand in the RFC documents the field id (26) is a string field and when we use other radius servers we get this information as plain text string. With MS NPS we only get a complete hexstring instead. We have tried many different settings on the MS NPS but nothing we seem to do make it possible to get this as the string we want. Also the logged hexstring includes vendorid, subtypeid, length and other stuff. This means we need to parse those strings, strip some data and then make a convert function to achieve our goal. Now as you maybe realize this will take some time.

    So a little conclusion: We want accounting on mac address by in and out data along with interface information to be able to build billing reports grouped by interfacename.

    BR
    Lars


    MS Lars

    Wednesday, March 21, 2012 2:00 PM
  • Hi Lars,

    Generally the format of the output logs are hard-coded in the production and I am not sure if it is possible to change it.

    Is it convenient for you to paste the "plain text string" with other radius server here?

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, March 22, 2012 11:37 AM
  • Hi Steven,

    This is how the log shows from TekRadius. The interesting row is "Clavister-Interface-Name = my_sslvpn_if". 

    When looking at the RFC and documentation on technet we have tried to follow the directions but the nps still put all information for id 26 (vendor-specific) into a full hex string. 

    RadAcct req. from : 192.168.3.10:11464 - 2012-03-22 14:58:46
    Size              : 132 / 132
    Identifier        : 147
    Attributes        : 


    Event-Timestamp = 1332424725
    Acct-Delay-Time = 0
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Acct-Session-Id = 3F75DE1
    NAS-IP-Address = 192.168.3.11
    NAS-Port = 3
    Clavister-Interface-Name = my_sslvpn_if
    NAS-Identifier = Clavister
    User-Name = admin


    RadAcct req. from : 192.168.3.10:40591 - 2012-03-22 14:59:48
    Size              : 162 / 162
    Identifier        : 183
    Attributes        : 

    BR
    Lars


    MS Lars

    Thursday, March 22, 2012 3:12 PM
  • Hello Mars,

    Unfortunately, the output format is hard-coded by design. I have no resource to explain how the plaintext Interface-Name is translated into the hexstring format by the NPS.

    Have you been abled to translate the output hexstring back to the plaintext format as your wish by any selfmade parser?

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, March 23, 2012 9:28 AM
  • Hi Steven,

    We have solved the problem by making our own conversion even though it would have been better if it was just the plaintext string. I will post our solution here in case someone else need it.

    ----------------------------------------------------------------------------------

    We built a clr function in Visual Studio. Compiled it into the MS SQL to be used in the database:

        [Microsoft.SqlServer.Server.SqlFunction]
        public static SqlString fn_HexToAscii(SqlString hexString)
        {
            SqlString returnVal = null;


            if (hexString.Value != null && hexString.Value.Length > 0)
            {
                string value = hexString.Value;


                StringBuilder strb = new StringBuilder();


                if (value.Length % 2 == 0)
                {
                    for (int i = 0; i <= value.Length - 2; i += 2)
                    {
                        strb.Append(Convert.ToChar(int.Parse(value.Substring(i, 2), System.Globalization.NumberStyles.HexNumber)));
                    }


                    returnVal = new SqlString(strb.ToString());
                }
                else
                {
                    throw new ArgumentException("Invalid hex string passed, uneven number unable to divide it by 2");
                }
            }
            else
            {
                throw new ArgumentException("Argument must not be null or an empty string!");
            }


            return returnVal;
        }

    --------------------------------------------------------------------------------------------------

    In report_event stored procedure:

    DECLARE @Clavister_If_Name NVARCHAR(255)
    SET @Clavister_If_Name = (SELECT  dbo.fn_HexToAscii(SUBSTRING([Vendor-Specific],67,LEN([Vendor-Specific])-68))
    FROM    OPENXML (@idoc,'/Event/Vendor-Specific',2)
    WITH ([Vendor-Specific] NVARCHAR(MAX) '.') WHERE [Vendor-Specific] like '000013E102%')

    Then use this in the insertion to the table.

    -----------------------------------------------------------------------------

    Hope this is helpful to someone else. 

    BR
    Lars


    MS Lars


    Friday, March 23, 2012 1:15 PM
  • Hi Lars,

    Thanks for sharing your solution!

    Best regards,

    Steven Xiao


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, March 23, 2012 1:48 PM