3.3.4.1 Abstract Interface for Sending an Access Request Message
SendRadiusAccessRequest: An abstract interface used by the PEP to send an Access Request to the NAS Policy Server. The interface is defined as follows:
    HRESULT SendRadiusAccessRequest (
        [in] String clientName,
        [in] String clientVersion,
        [in] SID securityIdentity,
        [in] bool identityType,
        [in] String serviceClass,
        [in] DWORD networkAccessServerType,
        [in] String machineName,
        [in] GUID rasCorrelationId,
        [in] IPv4Address userIpv4Address,
        [in] IPv6Address userIpv6Address
    );
Unless otherwise specified, all multibyte elements are in host-byte order and all strings are Unicode strings.
The remainder of this section describes the individual parameters of the SendRadiusAccessRequest abstract interface.
clientName: The name of the RAS client endpoint machine.<8>
clientVersion: The version of the RAS client on the endpoint machine.<9>
securityIdentity: A binary data structure containing the security identifier (SID) of the requesting user.
The following is a description of the SID structure:
    struct SID
    {
        Void* pSidData,
        DWORD sidDataLength
    }
    // pSidData: A pointer to opaque binary data that contains the SID.
    // sidDataLength: The number of bytes in the SID data.
identityType: Indicates the type of authentication that the RADIUS server should perform. When this parameter is set to true, the RADIUS server MUST NOT perform authentication; instead, it MUST perform a machine health check on this request. If this parameter is set to false, the RADIUS server SHOULD perform authentication as well as a machine health check on this request.
serviceClass: The name of a group of DHCP scopes that correspond to the endpoint that is requesting access. This parameter MUST be set to NULL in the case where the calling NAS is not a DHCP server.
networkAccessServerType: This parameter MUST indicate the type of the NAS according to section 2.2.1.4.
machineName: The machine name of the endpoint that is requesting network access.
rasCorrelationId: A GUID value sent in the RADIUS [RFC2865] Access-Request or Accounting-Request messages to uniquely identify a RADIUS session. See section 3.2.5.1.7 for additional information.
The RRAS server maintains a correlation ID property in its communication with the RRAS client in order to be able to set the MS-RAS-Correlation-ID attribute (section 2.2.1.7) with the value of the RRAS correlation ID.
userIpv4Address: A NAS sets this parameter with the value of the IPv4 address of the endpoint requesting network access.
The following is the structure definition of this parameter:
    struct IPv4Address
    {
        Byte[4] bytes;
    }
userIpv6Address: A NAS that supports IPv6 sets this attribute with the value of the IPv6 address of the endpoint requesting network access.
A NAS that does not support IPv6 MUST set all the bytes of the structure to zero.
The following is the structure definition of this parameter:
    struct IPv6Address
    {
        Byte[16] bytes;
    }
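The following C sketch is an added example, not part of the specification: it checks the MUST-level parameter rules stated above before a PEP would call SendRadiusAccessRequest. The type `AccessRequestArgs`, the function `check_access_request_args`, the error codes, and the two capability flags are hypothetical names, and the SID pointer/length consistency check is a defensive assumption rather than a rule from this section.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* C renderings of the abstract structures defined in this section. */
typedef struct { const void *pSidData; uint32_t sidDataLength; } SID;
typedef struct { uint8_t bytes[4]; } IPv4Address;
typedef struct { uint8_t bytes[16]; } IPv6Address;

/* Hypothetical container for the subset of parameters that carry rules. */
typedef struct {
    SID securityIdentity;
    const uint16_t *serviceClass;   /* Unicode string, or NULL */
    IPv4Address userIpv4Address;
    IPv6Address userIpv6Address;
} AccessRequestArgs;

/* Hypothetical result codes for this example. */
enum { ARGS_OK = 0, ERR_SID = 1, ERR_SERVICE_CLASS = 2, ERR_IPV6 = 3 };

static bool all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* nas_is_dhcp and nas_supports_ipv6 describe the calling NAS; how they are
 * derived (for example from networkAccessServerType) is assumed, not shown. */
int check_access_request_args(const AccessRequestArgs *a,
                              bool nas_is_dhcp, bool nas_supports_ipv6) {
    /* Assumption: an opaque SID buffer and its length must agree, so a
     * NULL pointer with a non-zero length (or the reverse) is rejected. */
    if ((a->securityIdentity.pSidData == NULL) !=
        (a->securityIdentity.sidDataLength == 0))
        return ERR_SID;
    /* serviceClass MUST be NULL when the calling NAS is not a DHCP server. */
    if (!nas_is_dhcp && a->serviceClass != NULL)
        return ERR_SERVICE_CLASS;
    /* A NAS that does not support IPv6 MUST set all 16 bytes to zero. */
    if (!nas_supports_ipv6 && !all_zero(a->userIpv6Address.bytes, 16))
        return ERR_IPV6;
    return ARGS_OK;
}
```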