Vendor-Specific attribute with rlm_rest

Michael A Carpenter - macarpen at
Thu May 7 22:42:11 CEST 2020

On May 7, 2020, at 2:45 PM, Alan DeKok <aland at<mailto:aland at>> wrote:

On May 7, 2020, at 2:17 PM, Michael A Carpenter - macarpen at<mailto:macarpen at> <macarpen at<mailto:macarpen at>> wrote:

I'm trying to return the Vendor-Specific attribute with value "H=4,I=4" using the rlm_rest module. I've tried the following authorization response payloads:

{"Attr-26": "0x483d342c493d34"}

{"Vendor-Specific": "H=4,I=4"}

Both resulted in error:

 Please don't do that.  It's terrible.  If you need that in order to interoperate with an idiot vendor, fine.  But if you're doing something yourself, this is 1000% the wrong thing to do.

The former, vendor is SuperMicro

 You *cannot* and *should not* specify values for the Vendor-Specific attribute.  That attribute does not have values like other attributes.  Instead, it carries a 32-bit vendor number, followed by encapsulated vendor attributes.

So... why are you doing this?

I arrived at those values based on and

Any suggestions for what might be incompatible about the value?

 It fails to follow the RFCs.  See

 Which defines the "vsa" data type, for the Vendor-Specific attribute.

 As the author of that specification, I feel uniquely qualified to say that your usage of Vendor-Specific is wrong. :)

No argument here :)

More information about the Freeradius-Users mailing list