P Gateway with NPS as Radius proxy not sending attributes except username

Question

we have a CAS (Central Authentication Service) that supports login with OTP so I'm trying to configure NPS as radius proxy

the packet I receive only have following atrributes :

 0 = {IntegerAttribute@7605} "Service-Type: Voice"
1 = {StringAttribute@7606} "User-Name: PF\admin"
2 = {StringAttribute@7607} "Called-Station-Id: UserAuthType:PW"
3 = {VendorSpecificAttribute@7608} "Vendor-Specific: MS (311)\n  Unknown-Sub-Attribute-50: 0x444556454c4f5045522d33322e73702e6c6f63616c"
4 = {VendorSpecificAttribute@7609} "Vendor-Specific: MS (311)\n  Unknown-Sub-Attribute-47: 0x00000001"
5 = {IntegerAttribute@7610} "NAS-Port-Type: Virtual"
6 = {RadiusAttribute@7611} "Proxy-State: 0xfe80000000000000498cbb5e565280140000018d"
7 = {RadiusAttribute@7612} "Message-Authenticator: 0xd0ec5111913160aeee76862f0d4e6035"

which cause tinyradius to throw exception as only username is available and I don't know what are the attributes of number 3 & 4 as I'm not able to find Microsoft specific attributes but it seems 25 and 11 are for mschapv2 response and mschapV2 challenge that it expects. I could not find anything about what can cause this or what does this mean

Answer 1

Hello Farbod,

Thank you for your question and for reaching out with your question today.

Based on the information you've provided, it seems that your RADIUS request includes Microsoft-specific attributes with sub-attributes that are not standard RADIUS attributes. These attributes might be specific to your CAS or NPS setup.

If the reply was helpful, please don’t forget to upvote or accept as answer.