Forming Profile Data for Profile ID ( 4106 ) ID/Attribute name msNPAllowedEapType

  • Question


  • Hi,

    Can you please tell me how to form the Profile data or AttributeValue for Profile ID ( 4106 ) / Attribute name msNPAllowedEapType while adding a Connection Request Policy's Authentication Methods?

    Below is the NPS config dump. (I have added all allowed EAP types.)

    add crp
    name = "ConnectionReqPolicy" state = "enable" processingorder = "2" policysource = "0" conditionid = "0x1fac" conditiondata = "^1$" profileid = "0x1025" profiledata = "0x1"

    profileid = "0x100a"
    profiledata = "0D000000000000000000000000000000"
    profiledata = "19000000000000000000000000000000"
    profiledata = "1A000000000000000000000000000000"

     profileid = "0x1009" profiledata = "0x5" profiledata = "0x1" profiledata = "0x2" profiledata = "0x3"  profiledata = "0x9" profiledata = "0x4" profiledata = "0xa" profiledata = "0x7" profileid = "0x1fb0" profiledata = "TRUE"


    How do I interpret this profile data related to
    msNPAllowedEapType, profileid = "0x100a"?

    This is what I get when I edit the allowed EAP types.

    add crp
    name = "ConnectionReqPolicy" state = "enable" processingorder = "2" policysource = "0" conditionid = "0x1fac" conditiondata = "^1$" profileid = "0x1025" profiledata = "0x1"
     profileid = "0x1fa2"
    profiledata = "0D0000000000000000000000000000003C00000000000000000000003C0000000000000014000000DAB64705FA5DF67911A4033E5FA3989AC38C8BD6129E980700000000129E98070000000000000000" profiledata = "190000000000000000000000000000003800000002000000380000000300000014000000DAB64705FA5DF67911A4033E5FA3989AC38C8BD60100000001000000100000001A00000000000000" profiledata

    profileid = "0x100a" profiledata = "0D000000000000000000000000000000" profiledata = "19000000000000000000000000000000" profiledata = "1A000000000000000000000000000000" profileid = "0x1009" profiledata = "0x5" profiledata = "0x1" profiledata = "0x2" profiledata = "0x3" profiledata = "0x9" profiledata = "0x4" profiledata = "0xa" profiledata = "0x7" profileid = "0x1fb0" profiledata = "TRUE"


    Can you please tell me what is happening here? Why is there a change in the Profile ID?

    Can you please guide me on how to form the
    Profile Data or AttributeValue while setting it through Netsh or using the SDO Lib
    Attribute.PutProperty((int)SDOIASLib.ATTRIBUTEPROPERTIES.PROPERTY_ATTRIBUTE_VALUE, ref attrVal); ?

    Please help me out in this as soon as possible.

    Thanks And Regards,
    krishna.

    krishna
    Tuesday, June 3, 2008 3:30 PM

Answers

  • Unfortunately, the format of the data for profile attribute 0x1fa2 (EAP-Configuration) is specific to a particular EAP method implementation. The data is a binary blob received from the EAP method when its configuration UI is shown. The data is deciphered by the specific EAP method implementation and its format is known only to that specific EAP method implementation.

    From looking at the data, it would appear that the EAP type is pre-pended to the configuration blob:

    profiledata = "0D0000000000000000000000000000003C00000000000000... appears to be the config for EAP-TLS
    profiledata = "190000000000000000000000000000003800000002000000... appears to be the config for PEAP
    profiledata = "1A0000000000000000000000000000002402000002000000... appears to be the config for EAP-MSCHAPv2

    But understanding the format of the data beyond that is not possible as it is EAP method implementation specific.

    Check out http://msdn.microsoft.com/en-us/library/aa363593(VS.85).aspx for more information on how this configuration data is passed to/from an EAP method implementation.
    Tuesday, June 24, 2008 12:33 AM

All replies

  • Krishna,

    The profile attribute 0x100a (NP-Allowed-EAP-Type) specifies which EAP types are permitted for a connection:
    http://msdn.microsoft.com/en-us/library/bb960684(VS.85).aspx

    19000000000000000000000000000000 = PEAP
    0D000000000000000000000000000000 = EAP-TLS
    1A000000000000000000000000000000 = EAP-MSCHAPv2
    04000000000000000000000000000000 = EAP-MD5


    The data takes the form of the EAP_METHOD_TYPE struct in the Windows SDK include file eaptypes.h:
    typedef struct _EAP_TYPE  
    {  
       BYTE type;  
       DWORD dwVendorId;  
       DWORD dwVendorType;  
    } EAP_TYPE;  
     
    // definition of EAP_METHOD_TYPE used for describing an EAP method  
    typedef struct _EAP_METHOD_TYPE  
    {  
       EAP_TYPE eapType;  
       DWORD dwAuthorId;  
    } EAP_METHOD_TYPE;  
     

    The profile attribute 0x1fa2 (EAP-Configuration) specifies the configuration for a particular EAP method. The format of this data is dependent on the EAP method implementation. You can configure the method in the UI and dump the EAP-Configuration blob in netsh to use it again in netsh or SDO. Keep in mind that an EAP-Configuration blob you dump from an x86 OS can't be used on an x64 OS and vice-versa.
    Friday, June 20, 2008 10:37 PM
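
Added example (not code from this thread or from Microsoft): a short Python script that builds and decodes the 16-byte NP-Allowed-EAP-Type value described in the reply above, and splits an EAP-Configuration (0x1fa2) value into the prefix the marked answer observes and the opaque method-specific remainder. The function names are hypothetical, and the 3 padding bytes after `type` assume default structure alignment, which matches the 16-byte values in the dump.

```python
import struct

# EAP_METHOD_TYPE as it appears in the dump: BYTE type, 3 padding bytes
# (assumed default alignment), then three little-endian DWORDs:
# dwVendorId, dwVendorType, dwAuthorId.
EAP_METHOD_TYPE = struct.Struct("<B3xIII")  # 16 bytes in total

# Type names as listed in the replies on this page.
EAP_NAMES = {0x04: "EAP-MD5", 0x0D: "EAP-TLS", 0x19: "PEAP", 0x1A: "EAP-MSCHAPv2"}


def encode_allowed_eap_type(eap_type, vendor_id=0, vendor_type=0, author_id=0):
    """Build the profiledata hex string for attribute 0x100a."""
    packed = EAP_METHOD_TYPE.pack(eap_type, vendor_id, vendor_type, author_id)
    return packed.hex().upper()


def decode_method_header(hex_value):
    """Decode the first 16 bytes of a profiledata value as EAP_METHOD_TYPE."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < EAP_METHOD_TYPE.size:
        raise ValueError("need at least 16 bytes, got %d" % len(raw))
    eap_type, vendor_id, vendor_type, author_id = EAP_METHOD_TYPE.unpack_from(raw)
    return {"type": eap_type, "name": EAP_NAMES.get(eap_type, "unknown"),
            "vendor_id": vendor_id, "vendor_type": vendor_type,
            "author_id": author_id}


def split_eap_configuration(hex_value):
    """Split a 0x1fa2 value into its decoded prefix and the opaque remainder.

    The remainder is method-specific and is returned untouched.
    """
    header = decode_method_header(hex_value)
    opaque = bytes.fromhex(hex_value)[EAP_METHOD_TYPE.size:]
    return header, opaque


if __name__ == "__main__":
    print(encode_allowed_eap_type(0x19))  # PEAP
    # Constructed sample: EAP-TLS prefix followed by four made-up opaque bytes.
    print(split_eap_configuration("0D000000000000000000000000000000" + "DEADBEEF"))
```
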
  • Thank You for your reply.

    Is there any better way for me to understand this whole thing, form the values and apply the values for the profile attribute 0x1fa2 (EAP-Configuration)?

    Please help me out.

    Thanks and Regards,
    krishna.



    krishna
    Monday, June 23, 2008 1:28 PM
  • Thanks for your reply and time.

    Krishna

    krishna
    Wednesday, July 16, 2008 10:55 AM