Problem of proxying Vendor Specific Attributes (VSA)!

Stefan Winter stefan.winter at
Wed Jul 5 16:05:35 CEST 2006

> >What do you mean by "keeping"? Logging it? In that case, enable
> >post_proxy_detail and pre_proxy_detail logging, they log everything that
> goes
> >through.
> In fact , i would like to know if there is an option to specify the proxy
> not deleting the VSA located in the access-reject response of the server
> when the proxy send the access-reject to the client?(keep the VSA)
> Clearer, currently, my Radius server send to the proxy an access-reject
> with VSA and when the proxy receive these packet, it send the same packet
> to the client so an access-reject packet but with no VSA (it seem to delete
> them).
> So currently, i have:
> *Server Radius*>>>*packet access-reject with VSA*>>>>*Proxy
> Radius*>>>*packet access-reject without VSA>>>>>>**Client Radius*
> So what i would like is:
> *Server Radius*>>>*packet access-reject with VSA*>>>>*Proxy
> Radius*>>>*packet access-reject with VSA>>>>>>**Client Radius*
> **

you've asked that question before. My answer was: this is not supposed to work 
because it probably violates the RFC. What you could try is to add your VSAs 
to the FreeRADIUS dictionaries, and specify in "attrs" the exact VSA you want 
to, not the generic VSA identifier for your vendor id. Maybe you can convince 
the server then. I wouldn't bet on it though.

Further messages via private mail will be ignored, ask the _mailing list_.



Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at     Tel.:     +352 424409-1                Fax:      +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list