Forming Profile Data for Profile ID ( 4106 ) ID/Attribute name msNPAllowedEapType

Question
Hi,
Can you please tell me how to form the Profile data or AttributeValue for Profile ID (4106) / Attribute name msNPAllowedEapType while adding a Connection Request Policy's Authentication Methods?
Below is the NPS config dump. (I have added all allowed EAP types.)
add crp name = "ConnectionReqPolicy" state = "enable" processingorder = "2" policysource = "0" conditionid = "0x1fac" conditiondata = "^1$" profileid = "0x1025" profiledata = "0x1"
profileid = "0x100a" profiledata = "0D000000000000000000000000000000"
profiledata = "19000000000000000000000000000000"
profiledata = "1A000000000000000000000000000000"
profileid = "0x1009" profiledata = "0x5" profiledata = "0x1" profiledata = "0x2" profiledata = "0x3" profiledata = "0x9" profiledata = "0x4" profiledata = "0xa" profiledata = "0x7" profileid = "0x1fb0" profiledata = "TRUE"
How do I interpret this profile data related to msNPAllowedEapType, profileid = "0x100a"?
This is what I get when I edit the allowed EAP types.
add crp name = "ConnectionReqPolicy" state = "enable" processingorder = "2" policysource = "0" conditionid = "0x1fac" conditiondata = "^1$" profileid = "0x1025" profiledata = "0x1"
profileid = "0x1fa2"
profiledata = "0D0000000000000000000000000000003C00000000000000000000003C0000000000000014000000DAB64705FA5DF67911A4033E5FA3989AC38C8BD6129E980700000000129E98070000000000000000" profiledata = "190000000000000000000000000000003800000002000000380000000300000014000000DAB64705FA5DF67911A4033E5FA3989AC38C8BD60100000001000000100000001A00000000000000" profiledata = "1A000000000000000000000000000000240200000200000004000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
profileid = "0x100a" profiledata = "0D000000000000000000000000000000" profiledata = "19000000000000000000000000000000" profiledata = "1A000000000000000000000000000000" profileid = "0x1009" profiledata = "0x5" profiledata = "0x1" profiledata = "0x2" profiledata = "0x3" profiledata = "0x9" profiledata = "0x4" profiledata = "0xa" profiledata = "0x7" profileid = "0x1fb0" profiledata = "TRUE"
Can you please tell me what is happening here? Why is there a change in the Profile ID?
Can you please guide me on how to form the Profile Data or AttributeValue when setting it through Netsh or using the SDO lib:
Attribute.PutProperty((int)SDOIASLib.ATTRIBUTEPROPERTIES.PROPERTY_ATTRIBUTE_VALUE, ref attrVal);
Please help me out with this as soon as possible.
Thanks And Regards,
krishna.
krishna, Tuesday, June 3, 2008 3:30 PM
Answers
Unfortunately, the format of the data for profile attribute 0x1fa2 (EAP-Configuration) is specific to a particular EAP method implementation. The data is a binary blob received from the EAP method when its configuration UI is shown. The data is deciphered by the specific EAP method implementation and its format is known only to that specific EAP method implementation.
From looking at the data, it would appear that the EAP type is pre-pended to the configuration blob:
profiledata = "0D0000000000000000000000000000003C00000000000000... appears to be the config for EAP-TLS
profiledata = "190000000000000000000000000000003800000002000000... appears to be the config for PEAP
profiledata = "1A0000000000000000000000000000002402000002000000... appears to be the config for EAP-MSCHAPv2
But understanding the format of the data beyond that is not possible as it is EAP method implementation specific.
Check out http://msdn.microsoft.com/en-us/library/aa363593(VS.85).aspx for more information on how this configuration data is passed to/from an EAP method implementation.
- Edited by Matt McKenzie [MSFT] Tuesday, June 24, 2008 1:01 AM Corrected spelling
- Marked as answer by Greg Lindsay (Microsoft employee) Tuesday, July 15, 2008 8:27 PM
Tuesday, June 24, 2008 12:33 AM
All replies
Krishna,
The profile attribute 0x100a (NP-Allowed-EAP-Type) specifies which EAP types are permitted for a connection:
http://msdn.microsoft.com/en-us/library/bb960684(VS.85).aspx
19000000000000000000000000000000 = PEAP
0D000000000000000000000000000000 = EAP-TLS
1A000000000000000000000000000000 = EAP-MSCHAPv2
04000000000000000000000000000000 = EAP-MD5
The data takes the form of the EAP_METHOD_TYPE struct in the Windows SDK include file eaptypes.h:
typedef struct _EAP_TYPE {
    BYTE type;
    DWORD dwVendorId;
    DWORD dwVendorType;
} EAP_TYPE;
// definition of EAP_METHOD_TYPE used for describing an EAP method
typedef struct _EAP_METHOD_TYPE {
    EAP_TYPE eapType;
    DWORD dwAuthorId;
} EAP_METHOD_TYPE;
The profile attribute 0x1fa2 (EAP-Configuration) specifies the configuration for a particular EAP method. The format of this data is dependent on the EAP method implementation. You can configure the method in the UI and dump the EAP-Configuration blob in netsh to use it again in netsh or SDO. Keep in mind that an EAP-Configuration blob you dump from an x86 OS can't be used on an x64 OS and vice-versa.
- Edited by Matt McKenzie [MSFT] Friday, June 20, 2008 10:55 PM Missing information
- Proposed as answer by Greg Lindsay (Microsoft employee) Saturday, June 21, 2008 1:05 AM
Friday, June 20, 2008 10:37 PM -
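Added example, not part of any post in this thread and not Microsoft code: a C decoder for the 16-byte EAP_METHOD_TYPE header described in the reply above, which is also the prefix the marked answer observes on each 0x1fa2 blob. The offsets assume the struct's default alignment (three padding bytes after `type`) and little-endian DWORDs, which matches the 16-byte values in the dumps; `eap_parse`, `eap_format` and `eap_name` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EAP_HDR_LEN 16 /* BYTE type, 3 padding bytes, then three little-endian DWORDs (assumed layout) */

typedef struct { uint8_t type; uint32_t vendor_id, vendor_type, author_id; } eap_hdr;

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the 16-byte header at the start of a profiledata hex string.
 * Returns the number of bytes after the header (0 for a 0x100a value,
 * >0 for a 0x1fa2 blob, whose tail stays opaque), or -1 if malformed. */
long eap_parse(const char *hex, eap_hdr *out) {
    size_t n = strlen(hex);
    uint8_t b[EAP_HDR_LEN];
    if (n % 2 != 0 || n < 2 * EAP_HDR_LEN) return -1;
    if (strspn(hex, "0123456789abcdefABCDEF") != n) return -1;
    for (size_t i = 0; i < EAP_HDR_LEN; i++) {
        unsigned v = 0;
        sscanf(hex + 2 * i, "%2x", &v);
        b[i] = (uint8_t)v;
    }
    out->type = b[0];              /* bytes 1..3 are alignment padding */
    out->vendor_id = le32(b + 4);
    out->vendor_type = le32(b + 8);
    out->author_id = le32(b + 12);
    return (long)(n / 2 - EAP_HDR_LEN);
}

/* Build the 0x100a value for a standard (non-vendor) EAP type; out needs 33 bytes. */
void eap_format(uint8_t type, char out[2 * EAP_HDR_LEN + 1]) {
    snprintf(out, 2 * EAP_HDR_LEN + 1, "%02X%030d", type, 0);
}

/* Names for the four type values listed in the thread. */
const char *eap_name(uint8_t t) {
    return t == 0x04 ? "EAP-MD5" : t == 0x0D ? "EAP-TLS" :
           t == 0x19 ? "PEAP" : t == 0x1A ? "EAP-MSCHAPv2" : "unknown";
}

int main(void) {
    /* Constructed sample: the first 24 bytes of the EAP-TLS 0x1fa2 value quoted in the thread. */
    eap_hdr h;
    long tail = eap_parse("0D0000000000000000000000000000003C00000000000000", &h);
    printf("%s, %ld opaque bytes follow\n", eap_name(h.type), tail);
    return 0;
}
```

Running each 0x100a value from an exported policy through `eap_parse` gives a quick audit of which EAP methods the policy accepts, for example whether EAP-MD5 is enabled.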
Thank You for your reply.
Is there any better way for me to understand this whole thing, form the values and apply the values for the profile attribute 0x1fa2 (EAP-Configuration)?
Please help me out.
Thanks and Regards,
krishna.
krishna, Monday, June 23, 2008 1:28 PM -
Thanks for your reply and time.
Krishna
krishna, Wednesday, July 16, 2008 10:55 AM