3.3.4.1 Abstract Interface for Sending an Access Request Message

SendRadiusAccessRequest: An abstract interface used by the PEP to send an Access Request to the NAS Policy Server. The interface is defined as follows:

 HRESULT SendRadiusAccessRequest (
     [in] String clientName,
     [in] String clientVersion,
     [in] SID securityIdentity,
     [in] bool identityType,
     [in] String serviceClass,
     [in] DWORD networkAccessServerType,
     [in] String machineName,
     [in] GUID rasCorrelationId,
     [in] IPv4Address userIpv4Address,
     [in] IPv6Address userIpv6Address
 );

Unless otherwise specified, all multibyte elements are in host-byte order and all strings are Unicode strings.

The remainder of this section describes the individual parameters of the SendRadiusAccessRequest abstract interface.

clientName: The name of the RAS client endpoint machine.<8>

clientVersion: The version of the RAS client on the endpoint machine.<9>

securityIdentity: A binary data structure containing the security identifier (SID) of the requesting user.

The following is a description of the SID structure:

 struct SID
 {
     Void* pSidData;
     DWORD sidDataLength;
 }
 // pSidData: A pointer to opaque binary data that contains the SID.
 // sidDataLength: The number of bytes in the SID data.

identityType: Indicates the type of authentication that the RADIUS server should perform. When this parameter is set to true, the RADIUS server MUST NOT perform authentication; instead, it MUST perform a machine health check on this request. If this parameter is set to false, the RADIUS server SHOULD perform authentication as well as a machine health check on this request.

serviceClass: The name of a group of DHCP scopes that correspond to the endpoint that is requesting access. This parameter MUST be set to NULL in the case where the calling NAS is not a DHCP server.

networkAccessServerType: This parameter MUST indicate the type of the NAS according to section 2.2.1.4.

machineName: The machine name of the endpoint that is requesting network access.

rasCorrelationId: A GUID value sent in the RADIUS [RFC2865] Access-Request or Accounting-Request messages to uniquely identify a RADIUS session. See section 3.2.5.1.7 for additional information.

The RRAS server maintains a correlation ID property in its communication with the RRAS client in order to be able to set the MS-RAS-Correlation-ID attribute (section 2.2.1.7) with the value of the RRAS correlation ID.

userIpv4Address: A NAS sets this parameter with the value of the IPv4 address of the endpoint requesting network access.

The following is the structure definition of this parameter:

 struct IPv4Address
 {
     Byte[4] bytes;
 }

userIpv6Address: A NAS that supports IPv6 sets this parameter with the value of the IPv6 address of the endpoint requesting network access.

A NAS that does not support IPv6 MUST set all the bytes of the structure to zero.

The following is the structure definition of this parameter:

 struct IPv6Address
 {
     Byte[16] bytes;
 }
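
The parameter constraints in this section can be checked before a request is handed to the interface. The following is an added C example, not part of the specification. The type names, the `check_access_request` function, its two capability flags, and the 68-byte SID bound (Windows' SECURITY_MAX_SID_SIZE) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical C rendering of the abstract types above (not from the spec). */
typedef struct { const void *pSidData; uint32_t sidDataLength; } Sid;
typedef struct { uint8_t bytes[16]; } IPv6Address;
typedef struct {
    Sid securityIdentity;
    const uint16_t *serviceClass;  /* Unicode string; NULL unless the NAS is a DHCP server */
    IPv6Address userIpv6Address;
} AccessRequestParams;

typedef enum { REQ_OK, REQ_BAD_SID, REQ_SERVICE_CLASS_SET, REQ_IPV6_NOT_ZERO } ReqCheck;

/* Assumption: 68 bytes is Windows' SECURITY_MAX_SID_SIZE; the page treats the SID as opaque. */
#define MAX_SID_BYTES 68u

ReqCheck check_access_request(const AccessRequestParams *p,
                              bool nasIsDhcpServer, bool nasSupportsIpv6)
{
    const Sid *sid = &p->securityIdentity;
    /* Reject pointer/length pairs that would make a later copy read out of bounds. */
    if ((sid->pSidData == NULL) != (sid->sidDataLength == 0) ||
        sid->sidDataLength > MAX_SID_BYTES)
        return REQ_BAD_SID;
    /* serviceClass MUST be NULL when the calling NAS is not a DHCP server. */
    if (!nasIsDhcpServer && p->serviceClass != NULL)
        return REQ_SERVICE_CLASS_SET;
    /* A NAS without IPv6 support MUST zero every byte of userIpv6Address. */
    if (!nasSupportsIpv6) {
        uint8_t acc = 0;
        for (size_t i = 0; i < sizeof p->userIpv6Address.bytes; i++)
            acc |= p->userIpv6Address.bytes[i];
        if (acc != 0)
            return REQ_IPV6_NOT_ZERO;
    }
    return REQ_OK;
}

int main(void)
{
    /* Constructed sample: opaque 12-byte SID blob, non-DHCP NAS without IPv6 support. */
    static const uint8_t sidBlob[12] = {1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
    AccessRequestParams p = { { sidBlob, (uint32_t)sizeof sidBlob }, NULL, { {0} } };
    printf("valid request -> %d\n", check_access_request(&p, false, false));
    p.userIpv6Address.bytes[15] = 1;  /* stale address left in the buffer */
    printf("stale IPv6    -> %d\n", check_access_request(&p, false, false));
    return 0;
}
```

Whether an empty SID (NULL pointer, zero length) is acceptable is not stated in this section; the check only rejects inconsistent or oversized pointer/length pairs.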