locked
Microsoft NPS Radius Server with SQL Server - need to have on SQL Server, the User-Password field. RRS feed

  • Question

  • Hello,

    I  just  configured  a  NPS  Radius  Server  on  Windows Server 2012  with  SQL Server  for the  logs.

    on SQL Server, the  XML  format  give  some fields  like  User-Name, Called-Station-ID, Packet-Type  etc. Is it  possible  to  add another  field  like  User-Password?   and  how to do  it.

    Thank you in advance  for your  Help.

    Thursday, March 6, 2014 8:16 PM

Answers

All replies

  • Hello,

    any fedback for me?

    thanks.

    Saturday, March 8, 2014 12:17 PM
  • Hi,

    By default, logging is disabled for NPS. To enable it, run the Network Policy Server snap-in (nps.msc), or the Internet Authentication Service snap-in (ias.msc) and follow the instructions on the Accounting page.

    You can log the following information in a SQL Server database:

    • Accounting-on requests, which are sent by the RADIUS client to indicate that it is online and ready to accept connections.

    • Accounting-off requests, which are sent by the RADIUS client to indicate that it is going offline.

    • Accounting-start requests, which are sent by the RADIUS client (after the user is authenticated and authorized by the NPS server) to indicate the start of a user session.

    • Accounting-stop requests, which are sent by the RADIUS client to indicate the end of a user session.

    • Accounting interim requests, which are sent periodically by some RADIUS clients during a user session, and which can be logged by NPS. This type of request can be used when the Acct-Interim-Interval RADIUS attribute is configured to support periodic requests in network policy settings on the NPS server. The RADIUS client must support the use of accounting interim requests if you want the interim requests to be logged on the NPS server. If the RADIUS client does not send accounting interim requests, they are not logged.

    • Authentication requests, which are sent by the RADIUS client on behalf of the connecting user. These entries in the log contain only incoming attributes.

    • Authentication accepts and rejects, which are sent by NPS to the RADIUS client, indicating whether the user is accepted or rejected. These entries contain only outgoing attributes.

    The related KB:

    SQL Programmability

    http://msdn.microsoft.com/en-us/library/windows/desktop/bb960723(v=vs.85).aspx

    NPS SQL Server Logging

    http://technet.microsoft.com/en-us/library/dd197595.aspx

    Hope this helps.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

    • Marked as answer by Alex Lv Wednesday, March 26, 2014 1:57 AM
    Monday, March 10, 2014 6:57 AM
  • Hi  Alex,  thank for your  feedback. 

    I already  tested  it.  My  NPS  solution  is  configured and  is OK.  the problem i  have  is that, we have more than 10, 000  clients who must  log on  the  NPS via an ADSL modem. they  already had  login and  password  and we want to capture those credentials  and  create  the  new login  credentials in  the  Active Directory.

    if  not,  it will be  difficult  to  give a new password to all the  10,000 client's modems...

    To solve this  problem,  i want to firstly let  everyone  connected  without  authentication.   during  this  process i can capture logins  and  the  passwords they currently  have on the  modems.

    the  issue  is  that  i  can't view  the  USER-PASSWORD  field   in the  SQL Server  login. How to show it  and capture the  password. 

    I hope  you understand  now my  problem. 

    Thank you in advance for you  help

    Monday, March 10, 2014 7:33 PM
  • Hi,

    As far as i know, there have no way to get the users password, the SQL just audit the NPS log, but not the full users information, your problem must use the administrative means will easier resolved.

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.



    • Edited by Alex Lv Tuesday, March 18, 2014 2:46 AM
    • Marked as answer by Alex Lv Wednesday, March 26, 2014 1:57 AM
    Tuesday, March 18, 2014 2:46 AM