rlm_python clears reply if rejecting

Valts Mazurs valts at datatechlabs.com
Thu Sep 15 12:24:13 CEST 2005


Nicolas Baradakis wrote:
> Valts Mazurs wrote:
>
>
>>>Even if the pairfree() is removed from the module, I think the server
>>>core will delete the attribute later.
>>
>>Usually it does not :)
>
>
> However, I think it's the case in version 1.0.5.
>

So, in further releases server core will remove all attributes in reject
message (except reply-message and proxy-state according to RFC 2865)?

>
>>I use rlm_perl for a while and have not seen any attribute removed
>>on RLM_MODULE_REJECT.
>
>
> RFC 2865, section 5.44, says vendor specific are not allowed in
> Access-Reject packets.
>

I'm sure that there are more than one difference between RFC's and
Freeradius RADIUS protocol implementation.
Is there any serious reason to avoid returning vendor specific (and
maybe other) attributes in reject message? I think that such vendor
specific attribute as h323-return-code is very useful for explaining to
NAS why message was rejected. Reply-message attribute may serve for
diffrent needs when it is neccessary to display custom text message from
radius server.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20050915/728057f9/attachment.pgp>


More information about the Freeradius-Devel mailing list