DB valid fields

Stephen kbaegis at gmail.com
Sat Oct 20 15:43:06 CEST 2018


I've decided to take a crack at unpacking this, for what it's worth.
Before I do that I should probably just say, "Thank you all for the
freeradius project".

On 10/19/18 4:42 PM, Stephen wrote:
> I don't know what to say to this. There's not really much room left for
> a discussion, frankly.
>
> Found what I was looking for entirely without this line:
> https://tools.ietf.org/html/rfc2865#section-5.6
>
> On 10/19/18 4:27 PM, Alan DeKok wrote:
>> On Oct 19, 2018, at 5:44 PM, Stephen <kbaegis at gmail.com> wrote:
>>> I have no idea what you're talking about.
>>   It helps to understand how RADIUS works.  And to assume that you can learn from the people who are trying to help you.
>>
>>> This is my own environment
>>> with no vendor support. I'm using dd-wrt with freeradius as well as
>>> strongswan with freeradius, so the "calling station" is just dd-wrt/WPA2
>>> Enterprise, or alternatively strongswan/eap-tls with MacOS, Linux and
>>> Windows clients.
>>   Then read the documentation for that product to see what it takes.
While these projects are also open source, I wasn't able to find much in
the way of documentation helping describe what you're assuming they should:

https://wiki.strongswan.org/projects/1/wiki/EapTls

https://wiki.openwrt.org/doku.php?id=oldwiki:wpa2enterprise
https://wiki.openwrt.org/doc/howto/wireless.security.8021x

In fact, you have to dig into the source code to see what they can
really handle, so I don't really consider that so implicit as suggested:

https://github.com/strongswan/strongswan/blob/57447015db828832e0e141dcdab7fbf61f828851/src/libradius/radius_message.c#L100

It's certainly fair for these projects to include more documentation on
how various RADIUS attributes are used. Unfortunately, I didn't find
that in a cursory search.
>>
>>   As for your original question:
>>
>>>  I would love to
>>> know where the documentation for the acceptable radreply entries is.
>>   This question shows a fundamental misconception on how RADIUS works.  The short answer is that for FreeRADIUS, *all* attributes can go into the radreply table.  We don't care.  The documentation makes this fairly clear.
>>
>>   i.e. the documentation describes how to use the SQL module and how it works.  The documentation does *not* contain every possible configuration for every possible situation.
>>
>>   And yes, that's what you were asking for:
>>
>>> Aside from the limited and anecdotal references found there to fields
>>> like `Framed-IP-Address`, where can I find a comprehensive accounting of
>>> the attributes and values I can leverage in my radreply table? 
>>   No such table exists.  It's up to *you* to read the documentation for the NAS to see what attributes it takes.  Asking for such "comprehensive" documentation again shows a misunderstanding of how things work.
>>
>>   And, a snide comment of "limited and anecdotal references found" is just not appropriate.  We don't document what Framed-IP-Address is, or what it does.  That documentation lies elsewhere.
>>
>>   Similarly, we don't document every possible use of every possible attribute.  Would you ask a car manufacturer for detailed specifications of every possible tire that goes on the car?  Along with tire-specific instructions for mounting, care, etc.?  No?
>>
>>   Then by the same logic, it's not appropriate to ask us for documentation on every possible attribute.
Clearly I should have come to the discussion as an expert on RADIUS,
preferably as a co-author of multiple RFCs concerning it. Here is
information I was actually looking for:

https://tools.ietf.org/html/rfc2865#section-5.8
https://tools.ietf.org/html/rfc2865#section-5

As part of the actual RFC describing what a RADIUS server is supposed to
be, I simply disagree with your assessments above. Not everyone using
your product has read all the pertinent RFCs, and it's an extraordinary
burden for those of us not specializing in your area of expertise.

To extend your own analogy, should I *really* need to read 4+
international regulatory standards to change my tire?
>>   Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


