Vendor-Specific attribute with rlm_rest
Michael A Carpenter - firstname.lastname@example.org
macarpen at us.ibm.com
Thu May 7 22:42:11 CEST 2020
On May 7, 2020, at 2:45 PM, Alan DeKok <aland at deployingradius.com> wrote:
On May 7, 2020, at 2:17 PM, Michael A Carpenter - macarpen at us.ibm.com <macarpen at us.ibm.com> wrote:
I'm trying to return the Vendor-Specific attribute with value "H=4,I=4" using the rlm_rest module. I've tried the following authorization response payloads:
Both resulted in error:
Please don't do that. It's terrible. If you need that in order to interoperate with an idiot vendor, fine. But if you're doing something yourself, this is 1000% the wrong thing to do.
The former, vendor is SuperMicro
You *cannot* and *should not* specify values for the Vendor-Specific attribute. That attribute does not have values like other attributes. Instead, it carries a 32-bit vendor number, followed by encapsulated vendor attributes.
So... why are you doing this?
I arrived at those values based on http://lists.freeradius.org/pipermail/freeradius-users/2017-November/089770.html and https://www.supermicro.com/support/faqs/faq.cfm?faq=22374
Any suggestions for what might be incompatible about the value?
It fails to follow the RFCs. See
Which defines the "vsa" data type, for the Vendor-Specific attribute.
As the author of that specification, I feel uniquely qualified to say that your usage of Vendor-Specific is wrong. :)
No argument here :)
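
The wire layout described in the reply above (a 32-bit vendor number followed by encapsulated vendor attributes, per RFC 2865 section 5.26), as an added example that is not part of the original thread or of FreeRADIUS. It assumes the recommended type/length/value sub-attribute layout, uses the documentation enterprise number 32473 from RFC 5612 in place of a real vendor number, and the vendor sub-attribute type 1 is hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type, RFC 2865 section 5.26
EXAMPLE_PEN = 32473    # enterprise number reserved for documentation (RFC 5612)

def encode_vsa(vendor_id, sub_attrs):
    """Build one Vendor-Specific attribute from (vendor_type, value_bytes) pairs."""
    # Each sub-attribute: 1-byte type, 1-byte length (covers type+length+value), value.
    body = b"".join(bytes([t, 2 + len(v)]) + v for t, v in sub_attrs)
    payload = struct.pack("!I", vendor_id) + body
    if len(payload) + 2 > 255:
        raise ValueError("attribute exceeds 255 octets")
    return bytes([VENDOR_SPECIFIC, 2 + len(payload)]) + payload

def decode_vsa(attr):
    """Return (vendor_id, [(vendor_type, value), ...]) or raise ValueError."""
    if len(attr) < 7 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    (vendor_id,) = struct.unpack("!I", attr[2:6])
    if vendor_id >> 24:
        raise ValueError("high-order octet of Vendor-Id must be 0")
    subs, rest = [], attr[6:]
    while rest:
        if len(rest) < 2 or rest[1] < 2 or rest[1] > len(rest):
            raise ValueError("bad vendor sub-attribute length")
        subs.append((rest[0], rest[2:rest[1]]))
        rest = rest[rest[1]:]
    return vendor_id, subs

if __name__ == "__main__":
    # Constructed sample: the string carried inside a vendor sub-attribute.
    good = encode_vsa(EXAMPLE_PEN, [(1, b"H=4,I=4")])
    print(good.hex(), decode_vsa(good))
    # Constructed sample: the same string placed directly in attribute 26.
    # A decoder reads its first four bytes ("H=4,") as the vendor number.
    raw = bytes([VENDOR_SPECIFIC, 2 + 7]) + b"H=4,I=4"
    try:
        decode_vsa(raw)
    except ValueError as exc:
        print("rejected:", exc)
```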