Can FreeRADIUS send non-standard VSAs?
arequipeno at gmail.com
Sat Apr 27 01:52:21 CEST 2019

On 4/26/19 4:23 PM, Alan DeKok wrote:
> But if they have ignored the RFC suggestions, it's stupid. That
> makes it harder for everyone to use their product.

So I heard back from Dell:

> The ID the Cx is referencing [in windows NPS this would be the
> 'Vendor-Assigned attribute number' under 'Configure VSA (RFC
> Compliant)'] is not listed in the documentation because it genuinely
> does not matter what number is used, I've tried random #s from 0 to
> 5000 [in capture packets show "VSA: l=19 t=Unknown-Attribute(255):
> 7368656c6c3a707269762d6c766c3d3135" where the t=string(#), that # is
> the OID/Vendor-Assigned attribute number. Any value configured
> greater than 255 just shows as 255. It really doesn't matter what
> number you pick.] and any will work so long as the string is present
> and the line configuration on the switch includes both authENTICATION
> and authorization

(My root problem was that I had configured the switch for RADIUS
authentication, but not RADIUS authorization. Sigh.)

I have pointed out to them that they might want to document this wee
factoid, since every RADIUS server under the sun is going to want *some*
value entered for the vendor type, whether it matters or not.

So their VSAs are at least properly formatted ...

Ian Pilcher arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
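
Added example, not part of the original message or of FreeRADIUS: a parser for the Vendor-Specific layout suggested by RFC 2865 (attribute 26, 4-octet vendor ID, then one-octet vendor type and one-octet vendor length), run over an attribute built around the hex string quoted above. The vendor ID is a constructed placeholder because the message does not give one; the vendor type 255 and the value come from the quoted capture, and the function names are hypothetical.

```python
import struct

# Hex string quoted from the capture in the message above.
CAPTURED_VALUE = bytes.fromhex("7368656c6c3a707269762d6c766c3d3135")
PLACEHOLDER_VENDOR_ID = 99999  # constructed placeholder, not the vendor's real ID

def build_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute (type 26) holding a single sub-attribute."""
    if not 0 <= vendor_type <= 255:
        raise ValueError("vendor type is a single octet (0-255)")
    sub = bytes([vendor_type, 2 + len(value)]) + value  # vendor length counts its own 2-byte header
    if 6 + len(sub) > 255:
        raise ValueError("attribute does not fit in a one-octet length")
    return bytes([26, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub

def parse_vsa(attr):
    """Return (vendor_id, [(vendor_type, value), ...]); raise ValueError if malformed."""
    if len(attr) < 8 or attr[0] != 26:
        raise ValueError("not a Vendor-Specific attribute in the suggested format")
    if attr[1] != len(attr):
        raise ValueError("attribute length does not match the data")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    subs, pos = [], 6
    while pos < len(attr):
        if pos + 2 > len(attr):
            raise ValueError("truncated sub-attribute header")
        vtype, vlen = attr[pos], attr[pos + 1]
        if vlen < 2 or pos + vlen > len(attr):
            raise ValueError("sub-attribute length out of bounds")
        subs.append((vtype, attr[pos + 2:pos + vlen]))
        pos += vlen
    return vendor_id, subs

if __name__ == "__main__":
    attr = build_vsa(PLACEHOLDER_VENDOR_ID, 255, CAPTURED_VALUE)
    vid, subs = parse_vsa(attr)
    for vtype, value in subs:
        print(f"vendor={vid} l={2 + len(value)} t={vtype} value={value.decode('ascii')}")
```

The decoded value is the 17-byte string `shell:priv-lvl=15`, which with the two-byte sub-attribute header gives the `l=19` shown in the capture.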