On 11/10/2010 12:37, Phil Mayers wrote:
On 09/10/10 15:01, Garber, Neal wrote:
Thanks to a lot of work by Phil Mayers, the server now has support for
Microsoft SoH in PEAP, normal RADIUS (MS VPN gateway), and in DHCP.

Wow! That *must* have been a lot of work! Thank you Phil.

Does this mean FreeRADIUS can now act as a Health Policy Server?

Yes, though it's not 100%. Specifically the code can challenge clients for
an SoH, and the client will submit it and FreeRadius decode it. There is
not (yet) support for FreeRadius generating and emitting an SoHR, because
I don't have a working example of such, and decoding the MS-SOH spec is
REALLY REALLY hard without at least some working data to compare to the
awful spec language!


Hi Phil, Alan,

http://msdn.microsoft.com/en-us/library/cc251376%28v=PROT.10%29.aspx

-> Independent of the above states, the last bit of the third byte of the AU ClientStatusCode can take the value of 1 if the AU settings on the client are controlled by policy.

[We do a little of http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx on our clients via our wireless set-up wizard to help them keep up to date with patches]

... Therefore patch attached {"confd-by=" format only a suggestion}.

-James


--
James J J Hooper
Network Specialist
Information Services
University of Bristol
http://www.wireless.bristol.ac.uk          http://www.jamesjj.net
--

--- soh.c-orig  2010-10-11 20:54:28.000000000 +0000
+++ soh.c-new1  2010-10-11 21:02:49.000000000 +0000
@@ -500,19 +500,34 @@ int soh_verify(VALUE_PAIR *sohvp, const 
                                                        s = "auto-updates";
                                                        switch (hcstatus) {
                                                                case 1:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn disabled", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn disabled 
confd-by=user", s);
                                                                        break;
                                                                case 2:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=check-only", 
s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=check-only 
confd-by=user", s);
                                                                        break;
                                                                case 3:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=download", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=download 
confd-by=user", s);
                                                                        break;
                                                                case 4:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=install", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=install 
confd-by=user", s);
                                                                        break;
                                                                case 5:
-                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured", s);
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured 
confd-by=user", s);
+                                                                       break;
+                                                               case 0x00000101:
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn disabled 
confd-by=policy", s);
+                                                                       break;
+                                                               case 0x00000102:
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=check-only 
confd-by=policy", s);
+                                                                       break;
+                                                               case 0x00000103:
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=download 
confd-by=policy", s);
+                                                                       break;
+                                                               case 0x00000104:
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s ok action=install 
confd-by=policy", s);
+                                                                       break;
+                                                               case 0x00000105:
+                                                                       
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn unconfigured 
confd-by=policy", s);
                                                                        break;
                                                                case 0xc0ff0003:
                                                                        
snprintf(vp->vp_strvalue, sizeof(vp->vp_strvalue), "%s warn service-down", s);
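
Review bot: The new cases 0x00000101 to 0x00000105 repeat cases 1 to 5 with only the confd-by suffix changed, so the switch now carries ten near-identical format strings that have to be kept in step. The spec text quoted in the message describes the policy flag as a single bit set independently of the state, so it would be simpler to test that bit once before the switch (hcstatus & 0x00000100), clear it, and append confd-by=policy or confd-by=user from the result. Only clear the bit for values in the plain state range, so that codes such as 0xc0ff0003 still reach their own case and are not confused with state 3. Separately, cases 1 to 5 now emit a different string (the added confd-by=user), which changes what any existing configuration matching on the old text will see; that should be stated in the change description.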