Vendor specific attributes, tags

Alan DeKok aland at
Tue Jun 7 20:14:29 CEST 2005

"Metz, Frederic" <Frederic.Metz at> wrote:

  PLEASE don't CC me on posts to the list.  I already get enough mail.
If I get enough duplicates from someone, I just delete all of their
messages unread.

> what is non-standard ?? maybe there was a misunderstanding.

  non-standard == not defined in the RFC's.

> I have a usual vendor specific attribute, but in the beginning of
> the "String" field there is a tag of 1 byte.

  Yes, I'm very clear on that.

> Isn't it right that you can put anything in the "string" field in
> case of vendor specific attributes, thats the argument of the
> vendor, which also delivers the Radius-Server :-)

  Yes, that's true.

> but we want to use freeRadius. Another argument of the vendor is
> that our Radius-Server (freeRadius) isn't able to understand
> vendor-specific attributes with tagged fields.

  *No* RADIUS server I know of supports that.  It's non-standard.

  If your client uses it, then *no* radius server will be able to
understand those attributes.

> I am quite a bit confused now. So this attribute is conform to the
> RFC?, but the credentials are in proprietary format, right ??

  Yes.  But you also said:

> > I want to bring the data of the attribute with tag 1 into field 1
> > and with tag 2 into field 2 in mysql.

  Let me repeat myself again: NO RADIUS SERVER I KNOW OF CAN DO THIS

  It's non-standard.

  If you want FreeRADIUS to do it, then write C code to interpret the
attributes, because the default configuration of FreeRADIUS does not
understand these attribures, because they're non-standard.

  In nearly 10 years of working RADIUS, this is the first time I've
seen this kind of attribute.

  The benefit with using FreeRADIUS is that you *can* fix it to do
what you want.  With commercial servers, you can't.

  Alan DeKok.

More information about the Freeradius-Users mailing list