On 11/10/2010 22:14, James J J Hooper wrote:
On 11/10/2010 12:37, Phil Mayers wrote:
On 09/10/10 15:01, Garber, Neal wrote:
Thanks to a lot of work by Phil Mayers, the server now has support for
Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.

Wow! That *must* have been a lot of work! Thank you Phil.

Does this mean FreeRADIUS can now act as a Health Policy Server?

Yes, though it's not 100%. Specifically the code can challenge clients for
an SoH, and the client will submit it and FreeRadius decode it. There is
not (yet) support for FreeRadius generating and emitting an SoHR, because
I don't have a working example of such, and decoding the MS-SOH spec is
REALLY REALLY hard without at least some working data to compare to the
awful spec language!


Hi Phil, Alan,

http://msdn.microsoft.com/en-us/library/cc251376%28v=PROT.10%29.aspx

-> Independent of the above states, the last bit of the third byte of the
AU ClientStatusCode can take the value of 1 if the AU settings on the
client are controlled by policy.


Hi Guys,
I've re-written the patch I originally forwarded to account for the third byte-first bit flag MS stuck in the middle of AU ClientStatusCode.

As attached - still not pretty~~

-James



diff --git a/src/main/soh.c b/src/main/soh.c
index 9ea5698..e57a714 100644
--- a/src/main/soh.c
+++ b/src/main/soh.c
@@ -499,21 +499,23 @@ int soh_verify(REQUEST *request, VALUE_PAIR *sohvp, const 
uint8_t *data, unsigne
                                                case 3:
                                                        /* auto updates */
                                                        s = "auto-updates";
-                                                       switch (hcstatus) {
+                                                       /* The first bit of the 
second octet indicates if the case is by-policy (e.g. Group Policy) or not.
+                                                          We ignore this bit 
in the switch, and then deal with it if necessary in each case  */
+                                                       switch (hcstatus & 
0xfffffeff) {
                                                                case 1:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn disabled", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn disabled 
by-policy=%i", s, hcstatus & 0x0100 ? 1 : 0);
                                                                        break;
                                                                case 2:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=check-only", 
s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=check-only 
by-policy=%i", s, hcstatus & 0x0100 ? 1 : 0);
                                                                        break;
                                                                case 3:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=download", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=download 
by-policy=%i", s, hcstatus & 0x0100 ? 1 : 0);
                                                                        break;
                                                                case 4:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=install", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=install 
by-policy=%i", s, hcstatus & 0x0100 ? 1 : 0);
                                                                        break;
                                                                case 5:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured 
by-policy=%i", s, hcstatus & 0x0100 ? 1 : 0);
                                                                        break;
                                                                case 0xc0ff0003:
                                                                        
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn service-down", s);
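Review bot: the by-policy bit is spelled as two unrelated literals, 0xfffffeff in the switch expression and 0x0100 in each of the five snprintf calls, so the mask and the test can drift apart in a later edit. Define one named constant for the bit, switch on hcstatus with that bit cleared, and compute the flag once into a local before the switch instead of repeating "hcstatus & 0x0100 ? 1 : 0" in every case. The masked switch also lets a value with the bit set fall into case 0xc0ff0003, whose "warn service-down" string has no by-policy field, so the flag is silently dropped there; either print it in that case too or note in the comment that it is ignored on purpose. The new comment describes the bit as "the first bit of the second octet", while the covering mail and the quoted spec text call it a bit of the third byte; the comment should state the mask value (0x0100) so the reader does not have to guess the byte numbering.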