Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, July 30, 2012 3:55 PM
Hello all,
I'm having difficulty configuring the NPS to understand Vendor Specific Attributes (VSAs). We have a Session Border Controller (SBC) from the vendor Ingate. The Ingate SBC uses RADIUS accounting to send Call Detail Records (CDRs) as well as Media statistics of each call. We are receiving the data just fine, it's just that I don't know how to configure the VSAs and get the NPS to understand them.
I checked the Ingate documentation, and it says it is RFC 2866 compliant. The documentation also contains the info needed to configure the attributes. I have attached an image to show you all a sample. (Note: In the image, the last 2 rows are VSAs, the other's are commonly known). I've also attached a sample of the dictionary file that is located in the user guide which displays the VSAs.
Now I followed the steps outlined here: http://technet.microsoft.com/en-us/library/cc731611(v=ws.10)
But if you look at my attachment, there's no place in NPS to configure the Attribute Name, and then configure the value type. For instance, when I put VSA 128 as integer, NPS gives me an error saying that I need to input a value of some type.
Please help!
Thanks,
John
All replies (8)
Tuesday, July 31, 2012 8:53 AM âś…Answered
Hi John,
Thank you for the post.
You miss operater "click Vendor Specific. In the details pane, click Add" in steps 2.
2.In policy properties, click Settings, and then click Vendor Specific. In the details pane, click Add. The Add Vendor Specific Attribute dialog box opens.
I have not found your vendor (SBC/Ingate) in vendor list, I assume the vendor code is 50. Here is the VSA screenshot for you.
https://skydrive.live.com/?cid=89aee176339ad2f9#cid=89AEE176339AD2F9&id=89AEE176339AD2F9%21206
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
Tuesday, July 31, 2012 2:01 PM
Hey Rick,
Thanks for the reply. The screenshot really helps. The vendor ID according to the Ingate documentation is 13465.
I have a couple more questions:
1) In your screenshot, why did you assign an attribute value of 1 for the Integer?
2) How would you configure a String Attribute? What Attribute Value would you put in there? (if you could attach a screenshot, that would be fantastic!)
Appreciate the help Rick.
Thanks,
John
Wednesday, August 1, 2012 9:05 AM
Hi John,
1) In your screenshot, why did you assign an attribute value of 1 for the Integer?
I assigned value to 1 is based on your original post sample.
IG-Acct-Input-Jitter 128 Four octets(32 bit unsigned value)-Integer 1
2) How would you configure a String Attribute? What Attribute Value would you put in there?
Just change the Attribute format to string in Configure VSA window. The value is controlled by the configurtions of your Ingate device.
Regards
Rick Tan
TechNet Community Support
Wednesday, August 1, 2012 4:57 PM
Hey Rick,
I believe the "Sample" column of that document just indicates a sample of the data that is received. Are you saying that in the NPS under "Attribute Value", we have to just put a sample of the data that is being received? I just assumed something else was being expected.
Please confirm.
Thanks,
John
Friday, August 3, 2012 4:02 AM
Hi John,
You just need to add VSA with "Attribute Value" if you want to change/configure the attribute. No need to add other default value VSA.
http://technet.microsoft.com/en-us/library/cc725979(WS.10).aspx
Regards
Rick Tan
TechNet Community Support
Friday, August 17, 2012 5:43 PM
Hey Rick,
I have added all of the VSAs in the way you described above, but now I have another problem. When they are being received by the NPS, there is no distinction between the VSAs. First, take a look at a sample packet capture I took on the NPS (I've highlighted a few in red):
Notice in the Packet Capture above that the Vendor Attribute number is located next to the t=Unknown-Attribute field (Example: t=Unknown-Attribute(128)). Below is a sample of what is being received and logged by NPS (I pulled this sample from the text log). I highlighted the VSAs in Bold:
<Event>
--Omitted Content
<Acct-Input-Octets data_type="0">121600</Acct-Input-Octets>
<Acct-Output-Octets data_type="0">800</Acct-Output-Octets>
<Acct-Input-Packets data_type="0">608</Acct-Input-Packets>
<Acct-Output-Packets data_type="0">4</Acct-Output-Packets>
<Vendor-Specific data_type="2">00003499800600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499810600000000</Vendor-Specific>
<Vendor-Specific data_type="2">0000349990060000000C</Vendor-Specific>
<Vendor-Specific data_type="2">00003499910600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499820600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499830600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499840600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499850600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499860600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499870600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499880600000000</Vendor-Specific>
<Vendor-Specific data_type="2">00003499890600000000</Vendor-Specific>
<Vendor-Specific data_type="2">000034998A0600000000</Vendor-Specific>
<Vendor-Specific data_type="2">000034998B0600000000</Vendor-Specific>
<Vendor-Specific data_type="2">000034998C044E6F</Vendor-Specific>
<Vendor-Specific data_type="2">000034998D044E6F</Vendor-Specific>
<Vendor-Specific data_type="2">000034998E0650434D55</Vendor-Specific>
<Vendor-Specific data_type="2">000034998F0650434D55</Vendor-Specific>
<Vendor-Specific data_type="2">000034999505302E30</Vendor-Specific>
<Vendor-Specific data_type="2">000034999605302E31</Vendor-Specific>
<Vendor-Specific data_type="2">00003499970600000000</Vendor-Specific>
<Vendor-Specific data_type="2">000034999805302E30</Vendor-Specific>
<Vendor-Specific data_type="2">000034999905302E30</Vendor-Specific>
<Vendor-Specific data_type="2">000034999A0600000000</Vendor-Specific>
<Client-Vendor data_type="0">0</Client-Vendor>
<Client-Friendly-Name data_type="1">Ingate SBC</Client-Friendly-Name>
<Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
<Packet-Type data_type="0">4</Packet-Type>
<Reason-Code data_type="0">0</Reason-Code>
</Event>
My question is: Why isn't NPS taking that vendor specific data that is being received and distinguishing them by their attribute numbers which I have defined in the Network Policy?
Thanks,
John
Monday, August 20, 2012 2:55 AM
Hi John,
NPS log output format is hard-coded by design. Here is similar thread. Hope it helps you.
http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/658686de-d1ee-42f3-b307-14ac08941376
Regards
Rick Tan
TechNet Community Support
Friday, August 24, 2012 6:41 PM
Hey Rick,
That link you sent seems more like a band-aid solution which doesn't get to the heart of the problem which is: NPS does not recognize Vendor Specific Attributes properly. If it did, NPS would be able to distinguish each attribute based on their Attribute ID.
I downloaded a 3rd party RADIUS server called TekRadius, and it was not only able to distinguish each VSA, but I was also able to attach an Attribute name along with the Attribute ID.
I think if Microsoft is serious about making this a viable service, they should include this feature in future releases.
Thanks,
John