VSA encoding

Geoffroy Arnoud geoffroy.arnoud at free.fr
Wed May 24 09:01:11 CEST 2006 

Hi all,

I have a question regarding Vendor-specific attribute encoding: What type of
"smart" encoding are supported by radclient (and thus FreeRADIUS). I mean, I
know I can use TLV encoded VSA - as described in the RFC, for example:

WISPr-Redirection-URL=http://www.google.fr
or
Cisco-Account-Info=QT600

For VSA encoded only with Vendor-ID and String, I can use the syntax:
Vendor-Specific=0x00000009FC140256305a31393939406f72616e67652e6672
(Cisco-Account-Info VSA I believe)

I saw a strange dictionary amongst FreeRADIUS dictionaries: for USR robotics
dictionay.usr
It is talking about a NMC encoding, and the follinwg is added after the vendor
id declaration:
"format=4,0"
As anyone explanation about this type of encoding?

>From my side, I have a vendor (having a vendor-id) that uses the following
encoding:
RADIUS Attribute Id (1 byte) = 26
RADIUS Attribute Length (1 byte) = total length of attribute value + 2
Vendor ID (4 bytes)
A Project Type attribute (1 byte)
And as much attributes as possible (up to 248 bytes), using TLV where T is 1
byte and L is 1 byte.

The following scheme shows the attribute encoding.

  0                  1              2                3            4
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |   Type (26)   |   Length      |           Vendor-Id           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |       Vendor-Id (cont)        | Project type  | N°Attribute 0 |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |AttributeLength|  Value Attribute 0     . . . . . . .
   . . . . . . .
   . . . . . . .
   . . . . . . .
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   . . . .        | N°Attribute n |AttributeLength|. . .
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      Value Attribute n     . . . . . . .
   . . . . . . .
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Is FreeRADIUS able to support such encoding method?
Or maybe with only one TLV attribute per RADIUS attribute (26 + L + VendorID +
ProjectType + TLV)?

For the moment, we use the Vendor-Specific=0x00.... method, but as the
attributes are standardized with this vendor, we would like to use it, in a
smarter way.

Sorry if I have been a litte long.

Thankyou in advance.

Geof.

More information about the Freeradius-Users mailing list