Logging With Network Policy Server

Note

Internet Authentication Service (IAS) was renamed Network Policy Server (NPS) starting with Windows Server 2008. The content of this topic applies to both IAS and NPS. Throughout the text, NPS is used to refer to all versions of the service, including the versions originally referred to as IAS.

The following table describes only the most important aspects of the RADIUS accounting packets. The RADIUS Accounting Request for Comments document (RFC 2866) provides detailed information on these packets.

RADIUS accounting packets can be divided into the following categories.

Accounting packet   Description
-----------------   -----------
Accounting-On       Sent by the Network Access Server (NAS) to indicate that it has restarted.
                    Contains nas-identifier/ipaddress.
Accounting-Off      Sent by the NAS to indicate that it is being shut down.
                    Contains nas-identifier/ipaddress.
Accounting-Start    Sent by the NAS, after the user was authenticated and authorized, to indicate the start of a user session.
                    Contains userid, nas-identifier/ipaddress, plus other information received from the NAS.
Accounting-Stop     Sent by the NAS to indicate the end of a user session.
                    Contains userid, nas-identifier/ipaddress, plus other information received from the NAS.
Accounting-Interim  Can be sent periodically by the NAS for each user that is logged on at the NAS.
                    This feature is generally supported in newer versions of NAS.

The following issues are important to consider when collecting accounting information made available through RADIUS:

  • In rare cases, packets could be lost during transmission and may never reach the RADIUS server.
  • The RADIUS server is not notified if the NAS aborts.
  • ISDN supports multiple sessions and each session generates an Accounting-Start/-Stop pair of packets. There is an accounting attribute called multi-session identifier that clearly identifies such multi-session packets. Check for the multi-session identifier in addition to the session identifier to calculate the number of sessions.
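The three caveats above are what a log consumer has to handle when it pairs Start and Stop records. The following is an added example, not part of the NPS documentation: it reconciles constructed accounting records (dicts keyed by RADIUS attribute name, with Acct-Status-Type values as in RFC 2866), treats an Accounting-On/-Off from a NAS as the end of every session that NAS still had open, and counts connections by Acct-Multi-Session-Id so that an ISDN multilink call is not counted once per channel.

```python
from collections import defaultdict

# Constructed sample records (not real NPS log output). nas1 restarts twice,
# alice has a two-channel ISDN call, and nas2 sends a Stop whose Start was lost.
RECORDS = [
    {"Acct-Status-Type": "Accounting-On", "NAS-Identifier": "nas1"},
    {"Acct-Status-Type": "Start", "NAS-Identifier": "nas1", "User-Name": "alice",
     "Acct-Session-Id": "0001", "Acct-Multi-Session-Id": "isdn-7"},
    {"Acct-Status-Type": "Start", "NAS-Identifier": "nas1", "User-Name": "alice",
     "Acct-Session-Id": "0002", "Acct-Multi-Session-Id": "isdn-7"},
    {"Acct-Status-Type": "Stop", "NAS-Identifier": "nas1", "User-Name": "alice",
     "Acct-Session-Id": "0001", "Acct-Multi-Session-Id": "isdn-7"},
    {"Acct-Status-Type": "Start", "NAS-Identifier": "nas1", "User-Name": "bob",
     "Acct-Session-Id": "0003"},
    {"Acct-Status-Type": "Accounting-On", "NAS-Identifier": "nas1"},
    {"Acct-Status-Type": "Stop", "NAS-Identifier": "nas2", "User-Name": "carol",
     "Acct-Session-Id": "0009"},
]


def reconcile(records):
    """Pair Start/Stop records per NAS and Acct-Session-Id.

    'closed': (start, stop) pairs; 'open': Start records never closed (lost
    Stop or aborted NAS); 'unmatched_stop': Stop records whose Start was lost;
    'reset': sessions the NAS implicitly ended by sending Accounting-On/-Off;
    'connections': distinct logical connections, keyed by Acct-Multi-Session-Id
    when present and Acct-Session-Id otherwise.
    """
    active = defaultdict(dict)  # NAS-Identifier -> Acct-Session-Id -> Start record
    out = {"closed": [], "open": [], "unmatched_stop": [], "reset": []}
    connections = set()
    for rec in records:
        nas, status = rec["NAS-Identifier"], rec["Acct-Status-Type"]
        if status in ("Accounting-On", "Accounting-Off"):
            # The NAS restarted or shut down: it will never send Stop for these.
            out["reset"].extend(active.pop(nas, {}).values())
            continue
        sid = rec["Acct-Session-Id"]
        connections.add((nas, rec.get("Acct-Multi-Session-Id", sid)))
        if status == "Start":
            active[nas][sid] = rec
        elif status == "Stop":
            start = active[nas].pop(sid, None)
            out["closed"].append((start, rec)) if start else out["unmatched_stop"].append(rec)
    for sessions in active.values():  # Starts still open at end of the log
        out["open"].extend(sessions.values())
    out["connections"] = len(connections)
    return out
```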

Requests Logged by NPS

By default, NPS does not log any data. NPS can be configured, using the NPS user interface (nps.msc), to log the following requests.

Logged packet           Description
-------------           -----------
Accounting Request      Any of the accounting packets described in the previous table.
Authentication Request  Sent by the NAS on behalf of the connecting user.
                        The log entries contain only incoming attributes.
Authentication Accept   Sent by NPS to indicate that the user connection should be accepted.
                        The log entries contain only outgoing attributes.
Authentication Reject   Sent by NPS to indicate that the user connection should be rejected.
                        The log entries contain only outgoing attributes.

Data logged by NPS can go to a text file on the NPS server or to a central SQL database. For more information on NPS SQL logging, see SQL Programmability.
