FR with MySQL. Proxying and repeated entries

Alan DeKok aland at
Fri Aug 19 21:09:23 CEST 2005

"Paolo Rotela" <paolo.rotela at> wrote:
> With this one, Access-* packets go OK, but when the NAS (Cisco AS5300) sends 
> an Accounting-Request to that realm and I proxy it to the home server, it 
> sends me an Accounting-Response with an (I think) irregular attribute: 
> Message-Authenticator (Ext. Attr. 80), wich I think is not permitted in the 
> RFC for accounting packets.

  The IETF RADIUS extensions working group has a document which
proposes fixes to a number of issues like this.

> 1) Am I reading OK the RFC? I mean ¿Is it right that Attribute 80 is NOT 
> permitted in Accounting-* packets?

  I don't think it's specifically permitted, but it shouldn't be a problem.

> 2) Each time the NAS re-sends packets, FR handles it as it were a new 
> packet, for a new call/connection.

  The RFC's say that's what the NAS is supposed to do.  So for
FreeRADIUS, it looks like a new connection.

> 3) Is there any known bug or propietary feature from Cisco wich causes this 
> incompatibility thing? I've searched about it and didn't find anything.

  No.  It's a bug in FreeRADIUS.

  I'll put a patch into 1.0.5 that should fix it.

  Alan DeKok.

More information about the Freeradius-Users mailing list