Browse Prior Art Database

Microsoft Vendor-specific RADIUS Attributes (RFC2548)

IP.com Disclosure Number: IPCOM000003134D
Original Publication Date: 1999-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 32 page(s) / 74K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

G. Zorn: AUTHOR

Abstract

This document describes the set of Microsoft vendor-specific RADIUS attributes. These attributes are designed to support Microsoft proprietary dial-up protocols and/or provide support for features which is not provided by the standard RADIUS attribute set [3]. It is expected that this memo will be updated whenever Microsoft defines a new vendor-specific attribute, since its primary purpose is to provide an open, easily accessible reference for third-parties wishing to interoperate with Microsoft products.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group G. Zorn

Request for Comments: 2548 Microsoft Corporation

Category: Informational March 1999

Microsoft Vendor-specific RADIUS Attributes

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This document describes the set of Microsoft vendor-specific RADIUS

attributes. These attributes are designed to support Microsoft

proprietary dial-up protocols and/or provide support for features

which is not provided by the standard RADIUS attribute set [3]. It

is expected that this memo will be updated whenever Microsoft defines

a new vendor-specific attribute, since its primary purpose is to

provide an open, easily accessible reference for third-parties

wishing to interoperate with Microsoft products.

1. Specification of Requirements

In this document, the key words "MAY", "MUST, "MUST NOT", "optional",

"recommended", "SHOULD", and "SHOULD NOT" are to be interpreted as

described in [2].

2. Attributes

The following sections describe sub-attributes which may be

transmitted in one or more RADIUS attributes of type Vendor-Specific

[3]. More than one sub-attribute MAY be transmitted in a single

Vendor-Specific Attribute; if this is done, the sub-attributes SHOULD

be packed as a sequence of Vendor-Type/Vendor-Length/Value triples

following the inital Type, Length and Vendor-ID fields. The Length

field of the Vendor-Specific Attribute MUST be set equal to the sum

of the Vendor-Length fields of the sub-attributes contained in the

Vendor-Specific Attribute, plus six. The Vendor-ID field of the

Vendor-Specific Attribute(s) MUST be set to decimal 311 (Microsoft).

2.1. Attributes for Support of MS-CHAP Version 1

2.1.1. Introduction

Microsoft created Microsoft Challenge-Handshake Authentication

Protocol (MS-CHAP) [4] to authenticate remote Windows workstations,

providing the functionality to which LAN-based users are accustomed.

Where possible, MS-CHAP is consistent with standard CHAP [5], and the

differences are easily modularized. Briefly, the differences between

MS-CHAP and standard CHAP are:

* MS-CHAP is enabled by negotiating CHAP Algorithm 0x80 in LCP

option 3, Authentication Protocol.

* The MS-CHAP Response packet is in a format designed for

compatibility with Microsoft Windows NT 3.5, 3.51 and 4.0,

Microsoft Windows95, and Microsoft LAN Manager 2.x networking

products. The MS-CHAP format does not require the authenticator

to store a clear-text or reversibly encrypted password.

* MS-CHAP provides an authenticator-controlled authentication

retry mechanism.

* MS-CHAP provides an authenticator-con...