On Mar 10, 2018, at 1:13 AM, Jibin Han via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I am using freeradius v2.1.12
You should really use 2.2.10 at least.
on Ubuntu 16.04, I need to configure it so that it will authenticate the incoming RADIUS messages based on their Vendor Specific Attributes. I looked over freeradius.org, it is not clear how to do that, hence ask people in this group.
Here are the details -
1. We have an in-house developed RADIUS client software which creates a RADIUS access request message and sends to freeradius server. 2. The configuration of freeradius server is ready: when the client message has the right user/password, we can receive accept message; otherwise reject message. The authentication is PAP. 3. Now we insert VSA attribute: the code is 26, the vendor id is our vendor's ID and the custom name and value. 4. Our goal is, make freeradius server authenticate not only user/password, but also this VSA - when an invalid name/value are put into VSA, freeradius sends reject message.
You don't "authenticate" the VSA. You just check it's value.
I check out dictionary, but that seems just some name mapping, I do not think it authenticate attributes.
The dictionary defines attributes. The configuration files tell the server how to process packets.
Could you point me the direction how this could be done and preferably with some examples?
How about giving *us* some examples? What do these attributes look like? What do you want to compare them with? Hint: debug output is infinitely better than vague descriptions.
I can upgrade to freeradius v3 if it is required.
You can probably do it in v2. You jut need to *describe* what you want to do. Alan DeKok.