SoH patch (was Re: Microsoft SoH Support)

James J J Hooper jjj.hooper at
Thu Jan 6 17:48:30 CET 2011

On 11/10/2010 22:14, James J J Hooper wrote:
> On 11/10/2010 12:37, Phil Mayers wrote:
>> On 09/10/10 15:01, Garber, Neal wrote:
>>>> Thanks to a lot of work by Phil Mayers, the server now has support for
>>>> Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.
>>> Wow! That *must* have been a lot of work! Thank you Phil.
>>> Does this mean FreeRADIUS can now act as a Health Policy Server?
>> Yes, though it's not 100%. Specifically the code can challenge clients for
>> an SoH, and the client will submit it and FreeRadius decode it. There is
>> not (yet) support for FreeRadius generating and emitting an SoHR, because
>> I don't have a working example of such, and decoding the MS-SOH spec is
>> REALLY REALLY hard without at least some working data to compare to the
>> awful spec language!
> Hi Phil, Alan,
> -> Independent of the above states, the last bit of the third byte of the
> AU ClientStatusCode can take the value of 1 if the AU settings on the
> client are controlled by policy.

Hi Guys,
   I've re-written the patch I originally forwarded to account for the 
third byte-first bit flag MS stuck in the middle of AU ClientStatusCode.

As attached - still not pretty~~


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: soh-patch-20110106.txt
URL: <>

More information about the Freeradius-Users mailing list