Sometimes you want to add a condition in NPS for check Vendor-Specificattribute. For example, when authenticating connection requests from Ruckus ZD controller, it is very useful to be able to check value of Ruckus-Location attribute, but NPS allow you to add such condition in their MMC consoles.
So, I make dump between WireShark and MS Radius, found VSA.
\
Then add condition to NPS via export/import xml radius config.
<msNPConstraint xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">MATCH("Vendor-Specific=01000061DD0506LCHS")</msNPConstraint>
Make request in console to check "netsh nps sh np"
But it does not work.
I tried to add terms ".*" to check validation NPS. It works.
<msNPConstraint xmlns:dt="urn:schemas-microsoft-com:datatypes" dt:dt="string">MATCH("Vendor-Specific=.*")</msNPConstraint>
|
|
|
|
How to set the condition for the NPS to check the VSA?