Answered by:
IAS extension dll for using sql server as radius authentication

Question
-
Hello. Im searching information about any .dll or more specifications about the "IAS extension DLL" speaked in this url:
http://technet.microsoft.com/en-us/library/cc757302(WS.10).aspx
We need some way to connect the IAS with a MS sql server, for the web Citrix (Radius).
As i saw, the only way is deploying that dll with the specifications above (there is no free dll on internet). But i think we are not enough skilled for that task, as we have never worked with radius, neither with eap or other encryptions. We are "so common" C#NET developers.
Any suggestions?
Thanks.
Paul.Monday, March 8, 2010 8:39 PM
Answers
-
Hi Paul,
I have implemented similar sort of IAS implementation as extension dll. Initially I also faced many problems while implementing the same since there is very less information available on internet. Although whatever the information is available they are scattered and not properly organized. With my experience I can share something with you which might be of help to you.
If you are looking for any free dll on internet then u might return empty handed. From you above post it seems you want to implement something where the client is you web citrix which will be connecting to the IAS server on Win2003 server or NPS server on Win2008 server. The IAS/NPS will inturn connect to MS SQL server for further authentication or authorization process.
As per my understanding IAS/NPS understands only the unmanaged windows dll. So I would suggest to use VC++ to create MFC Extension dll which will expose following functions as part of dll:
1) RadiusExtensionInit 2) RadiusExtensionProcessEx 3) RadiusExtensionFreeAttributes 4) RadiusExtensionTerm
You can get the signature of these functions from MSDN
Within the RadiusExtensionProcessEx function you will have to write the code which will connect with your MS SQL and do further processing. Once you are done with the dll, then you will have to create following registry entries:
Refer: http://msdn.microsoft.com/en-us/library/bb892024%28VS.85%29.aspx
The extension dlls can be registered and hence by the above mentioned registry entries only you can notify the IAS/NPS about that dll. Once the registry entries are done, restart the IAS/NPS server, now make a hit from the citrix web client to IAS/NPS. IAS/NPS will look for the above registry entry and if any dll is referred then it sarts calling the 2nd function with each call as mentioned above.
One more thing if your IAS/NPS sever is on 64-bit machine then you will have to build the 64-bit version of the dll.
Thanks,
Ashish
- Marked as answer by factorial Thursday, March 25, 2010 11:38 AM
Wednesday, March 24, 2010 6:28 AM
All replies
-
Currently, IAS/NPS supports MS SQL server for RADIUS Accounting.
In what way are you looking to 'connect the IAS with a MS sql server'?
Assuming you are looking to use SQL server to store your user credentials, then yes, you will need to create an NPS extension DLL in order to authenticate using NPS. This is a good use for NPS extension DLLs (utilizing a user database other than AD or the local Windows account store) but as you mention, it is no light task. At the very least, a solid understanding of RADIUS would be necessary.
Another option would be to use Active Directory as your user identity manager.
This TechNet forum post is provided "AS IS" with no warranties, and confers no rights. This entry reflects my own personal views and does not necessarily reflect the view of my employer.- Marked as answer by Miles Zhang Wednesday, March 10, 2010 2:38 AM
- Unmarked as answer by factorial Thursday, March 25, 2010 11:38 AM
Monday, March 8, 2010 9:59 PM -
Thanks for response. Yes we need to authenticate against a MS sql server 2005. The point is that we need to use a "passcode" (PIN) (>> thats the reason of using sql server), and the AD user/password (BOTH things) in the process of authentication in Citrix Web interface.
As i said, we are junior developers, and we need this solution fast, i think we will need to use the open source radius freeradius.
Thanks.Tuesday, March 9, 2010 11:06 AM -
Hi Paul,
I have implemented similar sort of IAS implementation as extension dll. Initially I also faced many problems while implementing the same since there is very less information available on internet. Although whatever the information is available they are scattered and not properly organized. With my experience I can share something with you which might be of help to you.
If you are looking for any free dll on internet then u might return empty handed. From you above post it seems you want to implement something where the client is you web citrix which will be connecting to the IAS server on Win2003 server or NPS server on Win2008 server. The IAS/NPS will inturn connect to MS SQL server for further authentication or authorization process.
As per my understanding IAS/NPS understands only the unmanaged windows dll. So I would suggest to use VC++ to create MFC Extension dll which will expose following functions as part of dll:
1) RadiusExtensionInit 2) RadiusExtensionProcessEx 3) RadiusExtensionFreeAttributes 4) RadiusExtensionTerm
You can get the signature of these functions from MSDN
Within the RadiusExtensionProcessEx function you will have to write the code which will connect with your MS SQL and do further processing. Once you are done with the dll, then you will have to create following registry entries:
Refer: http://msdn.microsoft.com/en-us/library/bb892024%28VS.85%29.aspx
The extension dlls can be registered and hence by the above mentioned registry entries only you can notify the IAS/NPS about that dll. Once the registry entries are done, restart the IAS/NPS server, now make a hit from the citrix web client to IAS/NPS. IAS/NPS will look for the above registry entry and if any dll is referred then it sarts calling the 2nd function with each call as mentioned above.
One more thing if your IAS/NPS sever is on 64-bit machine then you will have to build the 64-bit version of the dll.
Thanks,
Ashish
- Marked as answer by factorial Thursday, March 25, 2010 11:38 AM
Wednesday, March 24, 2010 6:28 AM -
There is a good article on installing and configuring IAS server:
http://articles.techrepublic.com.com/5100-10878_11-6148579.html
Rgds,
Ashish
- Proposed as answer by Mohamad_77 Sunday, June 28, 2015 12:27 PM
- Unproposed as answer by Mohamad_77 Sunday, June 28, 2015 12:28 PM
Wednesday, March 24, 2010 6:33 AM -
I have made the dll.
Thanks for help.
Paul.
- Proposed as answer by Mohamad_77 Sunday, June 28, 2015 12:28 PM
- Unproposed as answer by Mohamad_77 Sunday, June 28, 2015 12:28 PM
Thursday, April 15, 2010 6:06 PM -
Hi, Paul.
I'm also searching for nps extension dll's with the goal to implement MAC-authentication against a database.
Would you perhaps share your solution?
Please let me know under gerd.schelbert@computacenter.com.
Regards
Gerd
Wednesday, April 28, 2010 3:00 PM -
Hi, Paul.
I'm also searching for this extension dll's.
I'll be very thankfull if you can share your solution? (houaidia_anis@yahoo.fr)
Regards
Wednesday, May 5, 2010 9:32 AM -
I have sent an email to both of you. If anyone needs the source code of the dll, mail me to factoriales @ gmail . com
Good luck.
Wednesday, May 5, 2010 6:35 PM -
I've several problems during my extension DLL development. First of all, is it OK to load DLL with empty function, so I'm exporting neccessary(RadiusExtensionProcess2) function, but the only string of code with in is: return NO_ERROR; is it ok to export function which does nothing? Coz my DLL can not be loaded by NPS, there are severl error with codes: 0x1c, 0x7e.Thursday, December 2, 2010 12:31 PM
-
Hi, Paul.
I'm also need the source code of this extension dll's.
I'll be very thankfull if you can share something about you solution? (xuyang.zhou@hotmail.com)
Best Regards
Tuesday, January 11, 2011 2:42 AM -
Hi,Paul
I'm searching for the IAS extension dlls to connet with SQL.
Would you perhaps share your solution。(zhuzhenliang007@zcom.com.cn or zhuzhenliang007@hotmail.com)
Thank you for your help.
Best regards
zhuzhenliang
best regardsFriday, August 5, 2011 3:01 AM -
Hi Paul,
I'm also searching for nps extension dll's with the goal to implement authentication against a SQL Server database.
Please share me the source code and dll under parth.192@gmail.com
Regards
Ayaz Shaikh
Friday, May 4, 2012 5:52 AM -
Hello Paul,
i'm searching exactly for this use case.
Could you please send me the the source code to gojo119@gmail.com?
Thank you!kind regards
Gottfried
- Proposed as answer by Roman Krylov Tuesday, October 2, 2012 5:08 PM
Wednesday, July 4, 2012 11:59 AM -
Hello
i'm searching to, for this use case.
Could you please send me the source code to roman.krilov@windowslive.com ?
Thank you!Roma
Tuesday, October 2, 2012 5:09 PM -
hi
please send me the source code to dependrg@unifycloud.com
Thank you
Dependra
Tuesday, February 26, 2013 9:38 AM -
Hi Everyone,
I am new to NPS. I have developed an Authentication Extension DLL which is basically a MFC Extension DLL for custom authentication in NPS.
Now, to apply this Extension DLL at NPS I have used following steps:-
- I have put that DLL in %System Root%\System32\radius.dll folder.
- I have create HKLM\System\CurrentControlSet\Services\AuthSrv\Parameters\ registry key and set path of DLL as described here http://msdn.microsoft.com/en-us/library/windows/desktop/bb892024(v=vs.85).aspx
Now, when I am restarting NPS server I am getting following error:-
"Extension Host is failed to load DLL.Path %System Root%\System32\radius.dll".
Regards
Deepak
Monday, March 4, 2013 11:31 AM -
Hi Paul,
I know it is long time since you added this post, but we need this extension dll's, so, would you please share your solution
My Email address is mohamad_77@hotmail.com
Thanks in Advance
Mohammad
Sunday, June 28, 2015 12:48 PM -
Hi ,
I know it is long time since you added this post, but we face the same problem, so, would you please let
me know if you manage to solve this problem and if yes how you solved it?
My Email address is mohamad_77@hotmail.com
Thanks in Advance
Mohammad
Sunday, June 28, 2015 12:52 PM -
When using NPS + dll with eap, does the NPS handle the encryption and pass the clear password to the dll or do you have to implement the eap session in the dll as well?Thursday, November 9, 2017 2:46 PM
-
Hi Paul,
Its been a long time though, while searching internet for similar type of work, fortunately I clicked this blog link. I was not getting any help how to write NPS extension dll. Can you please share the source code with me at
prosanta.mondal@yahoo.com
Many thanks...
Tuesday, July 9, 2019 3:37 PM