Vendor specific attributes, tags
Alan DeKok
aland at ox.org
Tue Jun 7 20:14:29 CEST 2005
"Metz, Frederic" <Frederic.Metz at t-com.net> wrote:
...
PLEASE don't CC me on posts to the list. I already get enough mail.
If I get enough duplicates from someone, I just delete all of their
messages unread.
> what is non-standard ?? maybe there was a misunderstanding.
non-standard == not defined in the RFC's.
> I have a usual vendor specific attribute, but in the beginning of
> the "String" field there is a tag of 1 byte.
Yes, I'm very clear on that.
> Isn't it right that you can put anything in the "string" field in
> case of vendor specific attributes, thats the argument of the
> vendor, which also delivers the Radius-Server :-)
Yes, that's true.
> but we want to use freeRadius. Another argument of the vendor is
> that our Radius-Server (freeRadius) isn't able to understand
> vendor-specific attributes with tagged fields.
*No* RADIUS server I know of supports that. It's non-standard.
If your client uses it, then *no* radius server will be able to
understand those attributes.
> I am quite a bit confused now. So this attribute is conform to the
> RFC?, but the credentials are in proprietary format, right ??
Yes. But you also said:
> > I want to bring the data of the attribute with tag 1 into field 1
> > and with tag 2 into field 2 in mysql.
Let me repeat myself again: NO RADIUS SERVER I KNOW OF CAN DO THIS
TODAY.
It's non-standard.
If you want FreeRADIUS to do it, then write C code to interpret the
attributes, because the default configuration of FreeRADIUS does not
understand these attribures, because they're non-standard.
In nearly 10 years of working RADIUS, this is the first time I've
seen this kind of attribute.
The benefit with using FreeRADIUS is that you *can* fix it to do
what you want. With commercial servers, you can't.
Alan DeKok.
More information about the Freeradius-Users
mailing list