Information Technology Reference
In-Depth Information
9.
Click Configure Attribute to add the vendor-specific attribute. If you are adding an
RFC-compliant attribute, you will be prompted for the following on the Configure
VSA (RFC compliant) screen:
Vendor assigned attribute number:
The numeric representation of the attribute
you're defining, provided by your NAS vendor
Attribute format:
This format can be String, Hexadecimal, Decimal, or InetAddr
Attribute value:
The actual value of the attribute that this policy should check for.
10.
Click OK to configure the vendor-specific attribute.
11.
If you have more attributes to configure or delete, click the Add or Remove button.
12.
To change the order of the vendor-supplied attributes that you've configured, click
Move Up or Move Down as necessary.
13.
To save your changes, click OK, and then click Close.
14.
Click OK twice to update the remote access policy with the new vendor-specific
attribute.
How It Works
The IAS in Windows Server 2003 comes preconfigured with hundreds of RADIUS attributes
that you can use to control incoming connections, either those being processed locally or those
being forwarded to a remote RADIUS group. Many of these attributes are defined in the RADIUS
RFCs as standard attributes, but there are also a number of preconfigured attributes that are
specific to particular vendors, such as Microsoft, Cisco, USRobotics, and Ascend Communications.
If you need to define a vendor-specific attribute in addition to the preinstalled ones, you
can use the Vendor-Specific option to create a new one from scratch. First, you need to select
the vendor for which you are specifying the attribute. IAS comes preconfigured with the names
of the most common hardware and software vendors, or you can supply a numeric value that
has been supplied to you by the vendor. You can then configure the attribute by defining its
format as a string, a hexadecimal, or a decimal number.
You can arrange multiple RADIUS attributes in the appropriate order on the Multivalued
Attribute Information screen to make sure that they are processed in the correct order. For
example, if you've defined an attribute that you are using to automatically disconnect users
who do not meet certain criteria, you should make sure that this attribute appears at the top of
the list of defined attributes. You can use the Move Up and Move Down buttons to arrange
vendor-specific attributes in the correct order.
See Also
Recipe 6-11 for configuring RADIUS attributes
Microsoft TechNet: “Sample VSA for a Cisco NAS” (
http://www.microsoft.com/
technet/prodtechnol/windowsserver2003/library/ServerHelp/
4041ed2b-5441-4844-bc54-4f8b9d60389b.mspx
)
