NPS extension - RADIUS attributes of Network policy

Krishna Kumar J 6 Reputation points
2021-02-26T15:44:36.217+00:00

Problem : The NPS server is not setting the RADIUS attributes if radius challenge-response is used by my custom NPS extension to additionally verify the user. RADIUS auth protocol used is PAP.

My logic for challenge verification :

  1. During repAuthorization extension point, rcAccessChallenge response code will be set along with a state.
  2. During the next repAuthentication point, based on the state, challenge value will be verified and rcAccessAccept response code will be set.

As per Azure MFA NPS extension documentation when text based MFA is used, RADIUS attributes won't be forwarded.

Questions

  1. Is the behavior of NPS server or is there any workaround to achieve this or any development going to overcome this behavior ?
  2. Also I can see a constant definition "EnforceNetworkPolicyForPAPBasedChallengeResponse" at Authif.h header which seems more like a registry value. Does this has anything to do with the problem or requirement ?
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
515 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Candy Luo 12,656 Reputation points Microsoft Vendor
    2021-03-01T08:28:37.83+00:00

    Hi ,

    Thanks for your posting here.

    I did not find any Microsoft official document talking about this behavior. If you want to know deeper, I would suggest you contact Microsoft Customer Support and Services where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this question.

    Here is the link:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,

    Candy

    0 comments