radclient CoA and salt-encrypted attributes
Alan DeKok
aland at deployingradius.com
Sat Dec 15 16:14:29 CET 2007
Bjørn Mork wrote:
> We've been strugglig with CoA and LI on Juniper E-series. The problem
> is that JUNOSe by default require a few salt-encrypted VSAs also when
> using CoA, which means that they must be encrypted using an accounting
> request authenticator.
Ah, OK.
> The attached patch will use an accounting request authenticator when
> salt-encrypting for accounting, disconnect or coa. It has been verified
> to work against JUNOSe 7.3.4:
I've applied it, with one change: the default for packets is to use
original->request. This lets it work normally for CoA-ACK and
Disconnect-Ack, too. With the patch as posted, it wouldn't work for
those two packets.
It's a bit of a corner case, but it's worth thinking about.
Alan DeKok.
More information about the Freeradius-Devel
mailing list