El tercero... a ver si entiende lo que quiero decir

Paolo Rotela paolo.rotela at bluetelecom.com
Wed Sep 14 19:04:26 CEST 2005


Ing. Paolo Rotela
Jefe Técnico
Blue Telecom
----- Original Message ----- 
From: "Paolo Rotela" <paolo.rotela at bluetelecom.com>
To: "Freeradius Users" <freeradius-users at lists.freeradius.org>
Sent: Wednesday, September 14, 2005 10:20 AM
Subject: Re: FreeRadius Proxying and Message-Authenticator


>I wonder if it is correct to discard a packet based on the presence of an 
>attribute witch use is not defined by any standard. I've read the 
>"aboba-radext-fixes" and I see that FR is calculating Message-Authenticator 
>in Accounting packets this way. But there is no RFC about it... RFC2869 
>describes how to handle incorrect or missing Message-Authenticator in 
>Access-* packets, it doesn't say that you must discard an Accounting packet 
>with invalid Message Authenticator, because as you say there is no standard 
>about how to calculate it.
>
> I suggest at least a configuration option that can help to avoid this 
> compatibility issue, giving the user the option of accepting or not 
> "incorrect" MAs in Accounting.
>
> I'll try to find out the algorithm used by Cisco... If I happen to be 
> successful, I'll post it.
>
> Thanks
>
>
> Date: Tue, 13 Sep 2005 17:57:05 -0400
> From: "Alan DeKok" <aland at ox.org>
> Subject: Re: FreeRadius Proxying and Message-Authenticator
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20050913215705.0B8CA170D2 at mail.nitros9.org>
>
> "Paolo Rotela" <paolo.rotela at bluetelecom.com> wrote:
>> Hi. I've downloaded FR 1.0.5 whch is supposed to have a bugfix for
>> Message-Authenticator handling in Accounting-* messages.
>
>  The issue is that the suggested method of calculatin
> Message-Authenticator MAY NOT be the same as what Cisco's using.
> Because there's no standard, Cisco may be doing almost *anything*.
>
>> I'am missing something?
>
>  If you can find out the algorithm used by Cisco, we may be able to
> update FreeRADIUS to handle it.  Until then, there isn't much we can
> do.
>
>
> Ing. Paolo Rotela
> Jefe Técnico
> Blue Telecom 




More information about the Freeradius-Users mailing list