locked
[Forum FAQ]How to interpret the Microsoft vendor-specific attributes (VSAs) in NPS accounting log RRS feed

  • General discussion

  • Remote Authentication Dial-In User Service(RADIUS) attributes are containers that include a type, a length, and a value that hold information that is sent in RADIUS messages between RADIUS clients and RADIUS servers.

    One RADIUS message can include multiple RADIUS attributes, each of which holds a specific type of information for which the attribute was designed.

    Network Policy Server (NPS) allows you to add vendor-specific attributes (VSAs) to individual network policies, providing you with the ability to deploy new RADIUS client products that have proprietary functionality that are not defined in Request for Comments (RFC) 2865.

    If we have configured local file logging, NPS records accounting information in log files on the local hard drive.

    When we meet some authenticate issue on NPS server, to find why the request is rejected, we can check the NPS accounting log.

    If the NPS accounting log that is configured in IAS format, we will find that the RADIUS attributes have been logged as numbers like 8132, 8136, 8158 etc. (See Figure 1)

    Figure 1.

    However, this log file doesn’t provide the meaning of these numbers.

    For standard RADIUS attributes, we can interpret the attribute id by RFC document.

    How can we interpret the Microsoft vendor-specific attributes? Actually, we can find the MS VSAs and the corresponding attribute id in ATTRIBUTEID enumeration type.

    For detailed information about ATTRIBUTEID enumeration type, please refer to the link below:

    https://msdn.microsoft.com/en-us/library/bb960612(v=vs.85).aspx

    For example, if we want to know the meaning of the attribute id 8132, we can search it in the ATTRIBUTEID enumeration type, then we will find that it means “MS_ATTRIBUTE_NETWORK_ACCESS_SERVER_TYPE”.

    Figure 2.


    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Tuesday, March 17, 2015 9:31 AM