3.2.1 Abstract Data Model
The RADIUS Protocol is a stateless protocol, as specified in [RFC2865] section 2.5.
A RADIUS Access-Request is generated by a RADIUS client based on a user request to a NAS. The RADIUS server generates a response containing RADIUS attributes based on the policy settings on the RADIUS server.
ClientNapCompatibility Mapping: The server SHOULD maintain a mapping that establishes the correspondence between a client, identified by an IP address, and NAP compatibility of that client. The mapping is a list of (IpAddress, Boolean) pairs. For initialization information about this ADM element, see section 3.2.3.
PolicyConfiguration structure: A structure that contains the policy that has been configured by the network administrator. The fields of the structure are as follows:
RASClientName: A list of NULL-terminated strings that is used to restrict the allowed computer names of the endpoint that is requesting access.
ServiceClass: A list of NULL-terminated strings that is used to restrict the allowed names of the groups of DHCP scopes that the endpoint requesting access MUST correspond to.
NetworkAccessServerType: A list of 32-bit unsigned integers in network byte order. The list is used to restrict the allowed types of the NAS that is sending RADIUS Access-Request messages. Possible values for list items are specified in section 2.2.1.11.
MachineName: A list of octet strings containing characters from the Windows ANSI code page (see [MSDN-ANSI-CODEPAGE]) in ANSI format. The list is used to restrict the allowed machine names of the endpoint that is requesting access.
HCAPUserGroup: A list of octet strings containing characters from Windows ANSI code page (see [MSDN-ANSI-CODEPAGE]) in ANSI format. The list is used to specify the group name to which an HCAP user belongs.
HCAPLocationGroupName: A list of octet strings containing characters from Windows ANSI code page (see [MSDN-ANSI-CODEPAGE]) in ANSI format. The list is used to specify the location group name for the HCAP entity.
HCAPUserName: A list of octet strings containing characters from Windows ANSI code page (see [MSDN-ANSI-CODEPAGE]) in ANSI format. The list is used to specify the name for the HCAP user.
UserIPv4Address: A list of 32-bit unsigned integers in network byte order. The list is used to restrict the allowed IPv4 addresses of the endpoint that is requesting access. Possible values for list items are specified in section 2.2.1.25.
UserIPv6Address: A list of 128-bit unsigned integers in network byte order. The list is used to restrict the allowed Ipv6 addresses of the endpoint that is requesting access. Possible values for list items are specified in section 2.2.1.26.