Missing NAS-Port in Access request with respect to RFC 2865
Alan DeKok
aland at deployingradius.com
Thu Apr 3 11:22:00 CEST 2008
Ramm-Ericson, Johannes wrote:
>>From what I understand the current Freeradius code interprets the RFC
> statement so that if the NAS-Port attribute is not sent then the access
> request is not processed and subsequently denied (in rlm_radutmp.c -
> line 404).
No.
The *radutmp* module requires the NAS port for it's proper operation.
The *server* does not.
The request is *not* denied if there is no NAS-Port.
> However; shouldn't the statement from the RFC be intertpreted such that
> if *neither* the NAS-Port or the NAS-Port-Type is set then the access
> request should not be processed and subsequently denied?
No. I have no idea why you think the request is being denied.
> I'm thinking
> something along the lines of changing line 404 of rlm_radutmp.c to:
>
> if (!port_seen && !nas_port_type) {
No. The radutmp module needs a NAS-Port to put into the radutmp data
structure. The NAS-Port-Type attribute cannot be used for this purpose.
> I'll apologise in advance if my all too rusty programming skills are
> making me misunderstand the situation entirely...
I think you're confusing "server" with "module".
e.g. the PAP module requires a User-Password in the Access-Request.
The *server* doesn't, because it can hand the request to another module,
like CHAP, or MS-CHAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list