Access-Request / Mandatory Attributes
jhutz at cmu.edu
Thu Jan 7 23:36:41 CET 2010
--On Thursday, December 24, 2009 10:32:24 AM +0100 rsg
<ranil.santhish at gmail.com> wrote:
> I find that FreeRadius server allows access even without either of the
> mandatory attributes i.e. NAS-Identifier or NAS-IP-Address in the
> Access Request packet.
> Is this a deviation from RFC 2865 ?
> " .....An Access-Request SHOULD contain a User-Name attribute. It
> MUST contain either a NAS-IP-Address attribute or a NAS-Identifier
> attribute (or both)."
> Can someone clarify this please?
No. That paragraph expresses a requirement for compliant NAS's; it does
not specify the behaviour of a RADIUS server. There is nothing in 2865
which requires a RADIUS server to reject a request which does not contain
one of these attributes. In fact, a server which behaved that way would
exhibit interoperability problems (though I can't say how serious), since
previous versions of the RADIUS spec did not require these attributes to be
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Carnegie Mellon University - Pittsburgh, PA
More information about the Freeradius-Devel