NAP SoH Request

  • Question

  • Hi,

    I am developing a RADIUS server and want to be able to parse SoH lists sent from the client.
    To request the SoH list I am sending the following EAP-Request within the established PEAP tunnel. The bytes are in network order.

    <<1, X, 0, 17, 33, 128, 7, 0, 8, 0, 0, 1, 55, 0, 2, 0, 0>>

    Where <<0, 0, 1, 55>> is the Microsoft Vendor ID "311" and <<0, 2>> is the MS-NAP-SoH-Request followed by <<0, 0>> TLV length.

    I am getting back the empty EAP-Response/EAP-TLV/TLV-Result which is probably an error indicator.

    <<2, X, 0, 7, 33, 128, 3>>

    Could you point out what is wrong with my SoH-Request packet?

    Thanks in advance,
    Ruslan
    Monday, July 2, 2007 10:43 PM

Answers

All replies

  • I am not sure how <<0, 0, 1, 55>> maps to MS vendor ID "311"? It should be <<0, 0, 1, 37>>.


    -

    Ambrish

    Saturday, July 7, 2007 12:03 AM
  • I have the same problem sending the SOH-Request

    <<1, X, 0, 17, 33, 128, 7, 0, 8, 0, 0, 1, 55, 0, 2, 0, 0>>


    I also tried to replace
    <<0, 0, 1, 55>>  with  <<0, 0, 1, 37>> according to the previous post, but the result is the same.
    I think that
    <<0, 0, 1, 55>>  must be right because this is the decimal value of 0x00000137.

    I also read the specification of PEAP again and tried the following EAP packet:
    <<1, X, 0, 24, 254, 0, 1, 55, 0, 0, 0, 33, 128, 7, 0, 8, 0, 0, 1, 55, 0, 2, 0, 0>>

    Where
    <<1, X, 0, 24, 254>> is the EAP Header (254 = SOH Extension Method), <<0, 1, 55, 0, 0, 0, 33>> is the SOH EAP Extension Method, <<128, 7, 0, 8, 0, 0, 1, 55>> is the Vendor Specific TLV and <<0, 2, 0, 0>> is the SOH-Request. But I'm getting back a NAK.

    Could you point out what is wrong and give me an example of a working SOH-request?

    Thanks in advance,
    Fuki

    Monday, April 28, 2008 12:37 PM
  • I am checking with some folks on this one Fuki. I’ll let you know what I hear back!


    {Jeff Sigman}{Senior Program Manager & NAP Hero}{Enterprise Security Group}

    {NAP Blog, FAQ, Forum, MSDN, Site and my blog}

    Monday, April 28, 2008 9:14 PM
  • Hi Fuki

    You should send
    <<1, X, 0, 24, 254, 0, 1, 55, 0, 0, 0, 33, 0, 7, 0, 8, 0, 0, 1, 55, 0, 2, 0, 0>>  (all the numbers are decimal)

    Note 0 instead of 128.

    Also, if you are getting back a NAK it could be that the client is not configured to send SoH.
    Make sure "Enable Quarantine checks" is checked and NAP agent is started on the client.

    Regards,
    Ruslan

    Monday, April 28, 2008 9:37 PM
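The packet layouts from the question and from the answer above, as an added example written for this page (it is not code from any of the posters): it encodes both SoH-Request variants discussed in the thread, the Type 33 EAP-TLV form and the Type 254 expanded form, keeps the Mandatory bit as a parameter because the thread disagrees about whether it should be set, and parses the short EAP-TLV Result response from the question without reading past the bytes that are actually present. The byte layouts follow RFC 3748 (EAP header, Expanded Type 254) and the PEAPv0 EAP-TLV format; the Microsoft vendor ID 311 (0x00000137, hence 0, 0, 1, 55), the Vendor-Specific TLV type 7 and the SoH-Request vendor type 2 are taken from the thread. The Result TLV status values (1 = Success, 2 = Failure) come from the PEAP EAP-TLV draft and are not stated on this page.

```python
"""Encode and decode the EAP-TLV / MS-NAP SoH-Request packets from the thread.

Added example for this page, not code from the original posts. Layouts follow
RFC 3748 (EAP header, Expanded Type 254) and the PEAPv0 EAP-TLV format.
"""
import struct

EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_TLV = 33               # PEAPv0 EAP-TLV extensions method
EAP_TYPE_EXPANDED = 254         # RFC 3748 Expanded Type: 3-byte Vendor-Id, 4-byte Vendor-Type
TLV_RESULT = 3                  # Result TLV, 2-byte Status value
TLV_VENDOR_SPECIFIC = 7         # Vendor-Specific TLV: 4-byte Vendor-Id, then vendor TLVs
VENDOR_MICROSOFT = 311          # 0x00000137 -> bytes 0, 0, 1, 55 (from the thread)
MS_SOH_REQUEST = 2              # vendor TLV type for the SoH-Request (from the thread)
MANDATORY = 0x8000              # M bit of the 16-bit TLV type field (128 in the first byte)
RESULT_STATUS = {1: "Success", 2: "Failure"}   # from the PEAP EAP-TLV draft, not the page


def tlv(tlv_type: int, value: bytes, mandatory: bool) -> bytes:
    """One EAP-TLV: 1 bit M, 1 bit reserved, 14 bit type; 2-byte length; value."""
    if tlv_type >= 0x4000:
        raise ValueError("TLV type must fit in 14 bits")
    type_field = tlv_type | (MANDATORY if mandatory else 0)
    return struct.pack("!HH", type_field, len(value)) + value


def soh_request_tlv(mandatory: bool) -> bytes:
    """Vendor-Specific TLV (7) carrying vendor 311 and an empty SoH-Request (2, length 0)."""
    inner = struct.pack("!HH", MS_SOH_REQUEST, 0)                 # 0, 2, 0, 0
    payload = struct.pack("!I", VENDOR_MICROSOFT) + inner          # 0, 0, 1, 55, 0, 2, 0, 0
    return tlv(TLV_VENDOR_SPECIFIC, payload, mandatory)


def eap_packet(code: int, identifier: int, body: bytes) -> bytes:
    """EAP header: Code, Identifier, Length (whole packet, network order), then Type + data."""
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def soh_request_eap_tlv(identifier: int, mandatory: bool = True) -> bytes:
    """The first attempt in the question: Type 33 directly followed by the Vendor-Specific TLV."""
    return eap_packet(EAP_REQUEST, identifier, bytes([EAP_TYPE_TLV]) + soh_request_tlv(mandatory))


def soh_request_expanded(identifier: int, mandatory: bool = False) -> bytes:
    """The expanded form from the answer: Type 254, Vendor-Id 311 (3 bytes), Vendor-Type 33, TLV."""
    vendor_id = struct.pack("!I", VENDOR_MICROSOFT)[1:]            # 0, 1, 55
    header = bytes([EAP_TYPE_EXPANDED]) + vendor_id + struct.pack("!I", EAP_TYPE_TLV)
    return eap_packet(EAP_REQUEST, identifier, header + soh_request_tlv(mandatory))


def parse_eap_tlvs(packet: bytes) -> dict:
    """Decode a Type 33 EAP packet into its TLVs; a TLV cut short by the EAP Length is
    reported as truncated rather than read past the end of the buffer."""
    if len(packet) < 5:
        raise ValueError("too short for an EAP header plus Type")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError(f"EAP Length {length} does not match {len(packet)} bytes received")
    if packet[4] != EAP_TYPE_TLV:
        raise ValueError(f"not an EAP-TLV packet (Type {packet[4]})")
    tlvs, pos = [], 5
    while pos < len(packet):
        if len(packet) - pos < 4:                                  # header itself is incomplete
            tlvs.append({"truncated": packet[pos:].hex()})
            break
        type_field, vlen = struct.unpack("!HH", packet[pos:pos + 4])
        value = packet[pos + 4:pos + 4 + vlen]
        if len(value) != vlen:                                     # declared length overruns the packet
            tlvs.append({"truncated": packet[pos:].hex()})
            break
        entry = {"mandatory": bool(type_field & MANDATORY), "type": type_field & 0x3FFF, "value": value}
        if entry["type"] == TLV_RESULT and vlen == 2:
            entry["status"] = RESULT_STATUS.get(struct.unpack("!H", value)[0], "unknown")
        tlvs.append(entry)
        pos += 4 + vlen
    return {"code": code, "identifier": identifier, "tlvs": tlvs}


if __name__ == "__main__":
    # Constructed sample exchange: the two requests from the thread and the response quoted in the question.
    print(list(soh_request_eap_tlv(1)))
    print(list(soh_request_expanded(1)))
    print(parse_eap_tlvs(bytes([EAP_RESPONSE, 1, 0, 7, EAP_TYPE_TLV, 128, 3])))
```

Running the script prints the two request byte sequences exactly as they appear in the thread and shows that the quoted response carries a Result TLV header with no length or value bytes behind it, which is why the parser flags it as truncated instead of reporting a status.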
  • Hi Mujaheed

    I used 128 in the packet because according to the specification the mandatory/optional flag has to be set to 1.
    (http://msdn.microsoft.com/library/shared/deeptree/asp/rightframe.asp?dtcfg=/library/deeptreeconfig.xml&url=/library/en-us/randz/protocol/nap_soh_and_ssoh_messages.asp?frame=true&hidetoc=false)

    I get the same result using this packet
    ("Enable Quarantine checks" is checked and NAP agent is started on the client):
    <<1, X, 0, 24, 254, 0, 1, 55, 0, 0, 0, 33, 0, 7, 0, 8, 0, 0, 1, 55, 0, 2, 0, 0>>  (all the numbers are decimal)


    The svchost_RASTLS logfile contains the following values:
    ....
    [2680] 04-29 09:20:10:300: Negotiation successful
    [2680] 04-29 09:20:10:300: PeapGetTunnelProperties
    [2680] 04-29 09:20:10:300: Successfully negotiated TLS with following parameters dwProtocol = 0x80, Cipher= 0x6611, CipherStrength=0x80, Hash=0x8004
    [2680] 04-29 09:20:10:300: PeapGetTunnelProperties done
    [2680] 04-29 09:20:10:300: PEAP_STATE_FAST_ROAMING_IDENTITY_REQUEST
    [2680] 04-29 09:20:10:300: PeapClientDecryptTunnelData
    [2680] 04-29 09:20:10:300: IsDuplicatePacket
    [2680] 04-29 09:20:10:300: PeapDecryptTunnelData dwSizeofData = 37, pData = 0x540c676
    [2680] 04-29 09:20:10:300: Blob length 37
    [2680] 04-29 09:20:10:300: PeapDecryptTunnelData completed with status 0x0
    [2680] 04-29 09:20:10:300: IsMsEapTlvPacket
    [2680] 04-29 09:20:10:300: IsEapTLVInsidePEAP
    [2680] 04-29 09:20:10:300: PeapEncryptTunnelData
    [2680] 04-29 09:20:10:300: Blob length 53
    [2680] 04-29 09:20:10:300: PeapEncryptTunnelData completed with status 0x0
    [2680] 04-29 09:20:10:300: EapPeapCMakeMessage done
    [2680] 04-29 09:20:10:300: EapPeapMakeMessage done
    [2680] 04-29 09:20:10:320: EapPeapMakeMessage
    [2680] 04-29 09:20:10:320: EapPeapCMakeMessage, flags(0x500)
    [2680] 04-29 09:20:10:320: Cloned PPP_EAP_PACKET packet
    [2680] 04-29 09:20:10:320: PEAP: PEAP_STATE_IDENTITY_RESPONSE_SENT
    [2680] 04-29 09:20:10:320: PeapClientDecryptTunnelData
    [2680] 04-29 09:20:10:320: IsDuplicatePacket
    [2680] 04-29 09:20:10:320: PeapDecryptTunnelData dwSizeofData = 53, pData = 0x541ce8e
    [2680] 04-29 09:20:10:320: Blob length 53
    [2680] 04-29 09:20:10:320: PeapDecryptTunnelData completed with status 0x0
    [2680] 04-29 09:20:10:320: IsMsEapTlvPacket
    [2680] 04-29 09:20:10:320: IsEapTLVInsidePEAP
    [2680] 04-29 09:20:10:320: NAK inner method
    [2680] 04-29 09:20:10:320: PeapEncryptTunnelData
    [2680] 04-29 09:20:10:320: Blob length 37
    [2680] 04-29 09:20:10:320: PeapEncryptTunnelData completed with status 0x0
    [2680] 04-29 09:20:10:320: EapPeapCMakeMessage done
    [2680] 04-29 09:20:10:320: EapPeapMakeMessage done
    [2680] 04-29 09:20:11:492: EapPeapEnd
    [2680] 04-29 09:20:11:492: EapTlsEnd
    [2680] 04-29 09:20:11:492: EapTlsEnd(contoso\user1)
    [2680] 04-29 09:20:11:512: EapPeapEnd done


    Regards,
    Fuki

    Tuesday, April 29, 2008 7:40 AM
  • I’m back. Well, since these are licensed protocols, we are unable to discuss them via this forum. The appropriate place to engage with Microsoft is below. Please let me know if you don’t get the help you need and I can assist!


    http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=2056&SiteID=1


    {Jeff Sigman}{Senior Program Manager & NAP Hero}{Enterprise Security Group}


    Tuesday, April 29, 2008 6:09 PM
  • I posted my question in the MSDN forum for Windows protocols but I didn't get any hints to solve the problem. Is there another way to get some assistance?

    Thanks in advance,
    Fuki

    Monday, May 19, 2008 7:34 AM
  • Fuki, I am checking with our developers right now. Hope to get back to you soon!


    {Jeff Sigman}{Senior Program Manager & NAP Hero}{Enterprise Security Group}


    Wednesday, May 21, 2008 5:54 PM