3.1.5.2 Microsoft VSA Support of RADIUS Messages
The RADIUS Protocol standard (as specified in [RFC2865] section 4) defines the messages sent between a RADIUS client and a RADIUS server. Each Microsoft VSA is valid only in certain messages as defined in the second table.
The following table defines the meaning of the entries in the second table.
|
Value |
Meaning |
|---|---|
|
0 |
This attribute MUST NOT be present in packet. |
|
0+ |
Zero or more instances of this attribute MUST be present in the packet. |
|
0-1 |
Zero or one instance of this attribute MUST be present in the packet. |
|
Microsoft vendor-specific attribute |
Request |
Accept |
Reject |
Challenge |
Accounting-Request |
|---|---|---|---|---|---|
|
MS-RAS-Client-Name |
0-1 |
0 |
0 |
0 |
0-1 |
|
MS-RAS-Client-Version |
0-1 |
0 |
0 |
0 |
0-1 |
|
MS-Quarantine-IPFilter |
0 |
0+ |
0 |
0 |
0+ |
|
MS-Quarantine-Session-Timeout |
0 |
0-1 |
0 |
0 |
0-1 |
|
MS-User-Security-Identity |
0-1 |
0 |
0 |
0 |
0-1 |
|
MS-Identity-Type |
0-1 |
0 |
0 |
0 |
0 |
|
MS-Service-Class |
0-1 |
0 |
0 |
0 |
0 |
|
MS-Quarantine-User-Class |
0 |
0-1 |
0 |
0 |
0 |
|
MS-Quarantine-State |
0 |
0-1 |
0 |
0 |
0 |
|
MS-Quarantine-Grace-Time |
0 |
0-1 |
0 |
0 |
0 |
|
MS-Network-Access-Server-Type |
0-1 |
0 |
0 |
0 |
0 |
|
MS-AFW-Zone |
0 |
0-1 |
0 |
0 |
0 |
|
MS-AFW-Protection-Level |
0 |
0-1 |
0 |
0 |
0 |
|
MS-Machine-Name |
0-1 |
0 |
0 |
0 |
0-1 |
|
MS-IPv6-Filter |
0 |
0+ |
0 |
0 |
0+ |
|
MS-IPv4-Remediation-Servers |
0 |
0-1 |
0 |
0 |
0 |
|
MS-IPv6-Remediation-Servers |
0 |
0-1 |
0 |
0 |
0 |
|
Not-Quarantine-Capable |
0 |
0-1 |
0 |
0 |
0 |
|
MS-Quarantine-SoH |
0-1 |
0-1 |
0 |
0 |
0 |
|
MS-RAS-Correlation-ID |
0-1 |
0 |
0 |
0 |
0-1 |
|
MS-Extended-Quarantine-State |
0 |
0-1 |
0 |
0 |
0 |
|
HCAP-User-Groups |
0-1 |
0 |
0 |
0 |
0 |
|
HCAP-Location-Group-Name |
0-1 |
0 |
0 |
0 |
0 |
|
HCAP-User-Name |
0-1 |
0 |
0 |
0 |
0 |
|
MS-User-IPv4-Address |
0-1 |
0 |
0 |
0 |
0 |
|
MS-User-IPv6-Address |
0-1 |
0 |
0 |
0 |
0 |
|
MS-RDG-Device-Redirection |
0 |
0-1 |
0 |
0 |
0 |