Sending Accounting Response

Padam J Singh padam.singh at inventum.cc
Mon Dec 15 07:16:13 CET 2008



Alan DeKok wrote:
> Padam J Singh wrote:
>> >From the RFC 2866:
> 
>   Yes, I have read the RFC's.  They're even in the FreeRADIUS source
> tree.  They'are referenced from http://freeradius.org/rfc/, which was
> built by me.
> 
>> The RFC doesn't categorically say that an accounting response packet SHOULD NOT have attributes.
> 
>   Read the REST of the RFC.  Specifically, the Table of Attributes.
>

Citing the Table of Attributes:

No attributes should be found in
   Accounting-Response packets except Proxy-State and possibly Vendor-
   Specific.

The attributes I want to send are VSAs anyway, so I fail to see how this
violates the RFC.

>> The NAS is an application I have written - so I will be able to parse attributes in an accounting response.
> 
>   Your application is wrong.  If it needs to have attributes sent back
> in an Accounting-Response packet, then it's not doing RADIUS properly.
>

According to the RFC - VSAs are allowed, and it is up to the vendor to
implement handling such responses.

>> If the standard postgres module cannot be used to send back attributes in an accounting-response packet, 
>> can I do the same using any other module like JRadius? I have gone through the rlm_jradius source code, 
>> and it looks like it doesn't differentiate between accounting and authorization responses when reading value pairs.
> 
>   If you can get something to work, good luck.  But the server is NOT
> intended to send attributes back in the Accounting-Response.
> 

The standard install of FR also includes the following in
attr.accounting_response:

DEFAULT
        Vendor-Specific =* ANY,
        Message-Authenticator =* ANY,
        Proxy-State =* ANY

The filter does allow any VSA - I wonder why the modules are not written
to facilitate sending the attributes to the NAS.

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

-- 
PGP Id 9EED2E09



More information about the Freeradius-Users mailing list