2.2.1 Microsoft Vendor-Specific Attributes (VSAs)
The RADIUS Protocol specification [RFC2865] defines attribute type 0x1A as a VSA. This type was defined to allow vendors to extend the RADIUS attribute set. For reference, the format of the standard RADIUS attribute is provided below.
When representing a VSA, the fields MUST be set as follows (for more details, see [RFC2865]).
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Type |
Length |
Value (variable) |
|||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Type (1 byte): An 8-bit unsigned integer that MUST be 0x1A, which indicates the type of the Value field as vendor-specific.
Length (1 byte): An 8-bit unsigned integer that MUST specify the sum of the lengths of an attribute's Type, Length, and Value fields, in bytes. For vendor-specific RADIUS attributes, the value MUST be at least 9 to account for the Type, Length, and Value fields. The RADIUS client SHOULD ignore the attribute if the value is less than 9.
Value (variable): For Microsoft vendor-specific RADIUS attribute, the value MUST be formatted as specified in [RFC2865] section 5.26. For reference, the format is as follows.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Vendor-ID
Vendor-Type
Vendor-Length
Attribute-Specific Value (variable)
...
-
Vendor-ID (4 bytes): A 32-bit unsigned integer in network byte order, the most significant 8 bits MUST be set to 0 and the remaining 24 bits MUST be set to the SMI code of the vendor taken from [IANA-ENT]. Microsoft VSAs MUST have the Vendor-ID field set to 311 (0x00000137).
-
Vendor-Type (1 byte): An 8-bit unsigned integer that MUST specify the VSA type contained in the Attribute-Specific Value field. Microsoft VSA vendor types MUST be set as specified in [RFC2548] and in sections 2.2.1.1 through 2.2.1.10 of this specification.
-
Vendor-Length (1 byte): An 8-bit unsigned integer that MUST be set to 2 plus the length of Attribute-Specific Value. The RADIUS client SHOULD ignore the attribute if Vendor-Length is less than 3.
-
Attribute-Specific Value (variable): The value of the VSA specified in the Vendor-Type field. The format of the Attribute-Specific Value field for a given Vendor-Type MUST be set as specified in [RFC2548] and in sections 2.2.1.1 through 2.2.1.10 of this specification.
-
The attribute definitions in the following sections specify the specific parameters relevant to that extension.
-