Can FreeRADIUS send non-standard VSAs?

Ian Pilcher arequipeno at
Sat Apr 27 01:52:21 CEST 2019

On 4/26/19 4:23 PM, Alan DeKok wrote:
> But if they have ignored the RFC suggestions, it's stupid.  That 
> makes it harder for everyone to use their product.

So I heard back from Dell:

> The ID the Cx is referencing [in windows NPS this would be the
> 'Vendor-Assigned attribute number' under 'Configure VSA (RFC
> Compliant)'] is not listed in the documentation because it genuinely
> does not matter what number is used, I've tried random #s from 0 to
> 5000 [in capture packets show  "VSA: l=19 t=Unknown-Attribute(255):
> 7368656c6c3a707269762d6c766c3d3135" where the t=string(#), that # is
> the OID/Vendor-Assigned attribute number. Any value configured
> greater than 255 just shows as 255. It really doesn't matter what
> number you pick.] and any will work so long as the string is present
> and the line configuration on the switch includes both authENTICATION
> and authorization

(My root problem was that I had configured the switch for RADIUS
authentication, but not RADIUS authorization.  Sigh.)

I have pointed out to them that they might want to document this wee
factoid, since every RADIUS server under the sun is going to want *some*
value entered for the vendor type, whether it matters or not.

So their VSAs are at least properly formatted ...

Ian Pilcher                                         arequipeno at
-------- "I grew up before Mark Zuckerberg invented friendship" --------

More information about the Freeradius-Users mailing list