Problem of proxying Vendor Specific Attributes (VSA)!
Stefan Winter
stefan.winter at restena.lu
Wed Jul 5 14:29:20 CEST 2006
Hi,
> When i receive an access-reject from the radius server (this packet has VSA
> ), the proxy send back the access-reject to the client but delete the VSA.
>
> I tried to modify the file "attrs" by specifying "Vendor-Specific == xxx
> (our vendor number)" but it doesn't work and i'm not sure if it is the
> good file to modify.
>
> What can i do to indicate the proxy not deleting the VSA when it receive an
> access-reject from the server?
it's not said crystally clear in the RFC2865, but IMO VSA atributes are not
supposed to be present in Rejects:
If any value of the received Attributes is not acceptable, then
the RADIUS server MUST transmit a packet with the Code field set
to 3 (Access-Reject). It MAY include one or more Reply-Message
Attributes with a text message which the NAS MAY display to the
user.
So I wouldn't be surprised if FR discards them hardwired. But someone with
more knowledge is required to give an authoritative answer :-)
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20060705/d8a6e2fd/attachment.pgp>
More information about the Freeradius-Devel
mailing list