Access-Request / Mandatory Attributes
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Jan 7 23:36:41 CET 2010
--On Thursday, December 24, 2009 10:32:24 AM +0100 rsg
<ranil.santhish at gmail.com> wrote:
> Hi,
>
> I find that FreeRADIUS server allows access even without either of the
> mandatory attributes, i.e. NAS-Identifier or NAS-IP-Address, in the
> Access-Request packet.
>
> Is this a deviation from RFC 2865?
>
> " .....An Access-Request SHOULD contain a User-Name attribute. It
> MUST contain either a NAS-IP-Address attribute or a NAS-Identifier
> attribute (or both)."
>
> Can someone clarify this please?

No. That paragraph expresses a requirement for compliant NAS's; it does
not specify the behaviour of a RADIUS server. There is nothing in 2865
which requires a RADIUS server to reject a request which does not contain
one of these attributes. In fact, a server which behaved that way would
exhibit interoperability problems (though I can't say how serious), since
previous versions of the RADIUS spec did not require these attributes to be
present.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Carnegie Mellon University - Pittsburgh, PA