IAS-proxy and adding attributes part 2

anonymous_at_discussions.microsoft.com
Date: 03/21/05 

Date: Mon, 21 Mar 2005 06:01:46 -0800

Hello.
I have had this question on this newsgroup before. I have
been waiting for a reply, but not gotten it.
IŽll try to post this once more.

I need to add a RADIUS attribute (NAS-IP-Address) to the
Access-Request when it passes the IAS and proxies it to
internal RADIUS-servers.

Latest reply from Sam:
Hi Mika, sorry to hear about your trouble, we'll try to
provide you with
anything we can to help you out

For this specific problem. IAS (or any other proxy) can
not just inject
items in the access requests because this means that it
has altered it and
will cause tons of issues for the backend server (ACS in
this case)

What we can do, is create a custom policy to handle this
issue.

Your other option would be to implement and IAS Extension
DLL which will
intercept the request, Add additional attributes, before
the request is
forwarded. However, this option needs programming

My question again:
It is nice to know that there IS a solution to my problem.
How can this custom policy be created? Is this something i
can do myself? Does it require programming or extra dll-
files added to the system?

And if i would want to use the extension dll.
What would be the correct procedure to do this?
First, get the dll-files and then set up a lab enviroment?
What programming languages are used? etc.
Please help.

Regards
Mika

Relevant Pages

  • RE: check group membership in Connection Request Policy
    ... The access request does not contain a valid user password, ... Authentication is done at the VPN3000, ... So what data does the VPN3000 send to the IAS? ... a custom IAS extension would be really a solution. ...
    (microsoft.public.internet.radius)
  • RE: check group membership in Connection Request Policy
    ... The access request does not contain a valid user password, ... We already do 802.1x authentication with our Enterasys switches, ... IAS is not able to do authentication, since digital certificates are used on ... I am intereseted in your custom IAS extension. ...
    (microsoft.public.internet.radius)
  • RE: check group membership in Connection Request Policy
    ... IAS is not able to do authentication, since digital certificates are used on ... the request is matched against a CRP (based on certain rules a CRP ... I am intereseted in your custom IAS extension. ...
    (microsoft.public.internet.radius)
  • Re: IAS with PEAP and Airespace (now Cisco 1000)
    ... One of the IAS developers forwarded this comment and question to me about ... The rastls log entry "Unauthorized use of PEAP attempted" means that the ... >>> Access request for user DOMAIN\LoriTest was discarded. ... >>> I've gone over our configuration many times, ...
    (microsoft.public.internet.radius)
  • Re: Form Security
    ... Jerry Stuckle wrote: ... If I am authorized to fire employees, then a request sent by me to fire ... field as well as stored in my session. ... I suspect I've been doing this a hell of a lot longer than he has - and been programming longer than he's been alive. ...
    (comp.lang.php)