Share via

[MS-RNAS]: Vendor-Specific RADIUS Attributes for Network Policy and Access Server (NPAS) Data Structure

  • Article

This topic lists Errata found in [MS-RNAS] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to this RSS feed to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

RSS 

Errata below are for Protocol Document Version V5.0 – 2021/06/25.

Errata Published*

Description

2022/02/08

In section 2.2.1.11 MS-Azure-Policy-ID, added new section

Changed from:

Changed to:

The MS-Azure-Policy-ID is a VSA, as specified in section 2.2.1. It is used by the Radius Server to send an identifier which is used by Azure Point to Site VPN Server to match an authenticated RADIUS user Policy configured on the Azure side. This Policy is used to select IP/ Routing configuration (assigned IP address) for the user. The fields of MS-Azure-Policy-ID MUST be set as follows:

Vendor-Type: An 8-bit unsigned integer that MUST be set to 0x41.

Vendor-Length: An 8-bit unsigned integer that MUST be set to the length of the octet string in the Attribute-Specific Value plus 2.

Attribute-Specific Value: An octet string containing the Policy ID configured on the Azure Point to Site VPN Server.

In section 3.1.5.2 Microsoft VSA Support of RADIUS Messages, added MS-Azure-Policy-ID VSA to table.

Changed from:

Microsoft  vendor-specific attribute

Request

Accept

Reject

Challenge

Accounting-Request

. . .

MS-RDG-Device-Redirection

0

0-1

0

0

0

Changed to:

Microsoft  vendor-specific attribute

Request

Accept

Reject

Challenge

Accounting-Request

. . .

MS-RDG-Device-Redirection

0

0-1

0

0

0

MS-Azure-Policy-ID

0

0-1

0

0

0

In section 3.3.5.2.3 MS-Azure-Policy-ID, added new section

Changed from:

Changed to:

This attribute is consumed only by the Microsoft Azure Point to Site VPN Server.

When a Microsoft Azure Point to Site VPN Server receives this attribute in an Access-Accept message, it applies the IP/ Routing configuration set against Policy-id received for that user.

A NAS that is not a Microsoft Azure Point to Site VPN Server ignores this attribute.

For more details about this attribute, see section 2.2.1.11.

*Date format: YYYY/MM/DD