> >What do you mean by "keeping"? Logging it? In that case, enable > >post_proxy_detail and pre_proxy_detail logging, they log everything that > > goes > > >through. > > In fact , i would like to know if there is an option to specify the proxy > not deleting the VSA located in the access-reject response of the server > when the proxy send the access-reject to the client?(keep the VSA) > > Clearer, currently, my Radius server send to the proxy an access-reject > with VSA and when the proxy receive these packet, it send the same packet > to the client so an access-reject packet but with no VSA (it seem to delete > them). > > So currently, i have: > *Server Radius*>>>*packet access-reject with VSA*>>>>*Proxy > Radius*>>>*packet access-reject without VSA>>>>>>**Client Radius* > > > > So what i would like is: > > *Server Radius*>>>*packet access-reject with VSA*>>>>*Proxy > Radius*>>>*packet access-reject with VSA>>>>>>**Client Radius* > > ** you've asked that question before. My answer was: this is not supposed to work because it probably violates the RFC. What you could try is to add your VSAs to the FreeRADIUS dictionaries, and specify in "attrs" the exact VSA you want to, not the generic VSA identifier for your vendor id. Maybe you can convince the server then. I wouldn't bet on it though. Further messages via private mail will be ignored, ask the _mailing list_. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
Attachment:
pgphA90IFp0Gj.pgp
Description: PGP signature