Microsoft SoH Support

James J J Hooper jjj.hooper at bristol.ac.uk
Mon Oct 11 23:19:40 CEST 2010


On 11/10/2010 22:14, James J J Hooper wrote:
> On 11/10/2010 12:37, Phil Mayers wrote:
>> On 09/10/10 15:01, Garber, Neal wrote:
>>>> Thanks to a lot of work by Phil Mayers, the server now has support for
>>>> Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.
>>>
>>> Wow! That *must* have been a lot of work! Thank you Phil.
>>>
>>> Does this mean FreeRADIUS can now act as a Health Policy Server?
>>
>> Yes, though it's not 100%. Specifically the code can challenge clients for
>> an SoH, and the client will submit it and FreeRadius decode it. There is
>> not (yet) support for FreeRadius generating and emitting an SoHR, because
>> I don't have a working example of such, and decoding the MS-SOH spec is
>> REALLY REALLY hard without at least some working data to compare to the
>> awful spec language!
>
>
> Hi Phil, Alan,
>
> http://msdn.microsoft.com/en-us/library/cc251376%28v=PROT.10%29.aspx
>
> -> Independent of the above states, the last bit of the third byte of the
> AU ClientStatusCode can take the value of 1 if the AU settings on the
> client are controlled by policy.
>
> [We do a little of
> http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx on our
> clients via our wireless set-up wizard to help them keep up to date with
> patches]
>
> ... Therefore patch attached {"confd-by=" format only a suggestion}.

...I wonder if MS ever end up with:

case 0x00000105:
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured 
confd-by=policy", s);

Oh well, it's in the spec...

-James



More information about the Freeradius-Users mailing list