Sending Accounting Response

Padam J Singh padam.singh at
Mon Dec 15 07:16:13 CET 2008

Alan DeKok wrote:
> Padam J Singh wrote:
>> >From the RFC 2866:
>   Yes, I have read the RFC's.  They're even in the FreeRADIUS source
> tree.  They'are referenced from, which was
> built by me.
>> The RFC doesn't categorically say that an accounting response packet SHOULD NOT have attributes.
>   Read the REST of the RFC.  Specifically, the Table of Attributes.

Citing the Table of Attributes:

No attributes should be found in
   Accounting-Response packets except Proxy-State and possibly Vendor-

The attributes I want to send are VSAs anyway, so I fail to see how this
violates the RFC.

>> The NAS is an application I have written - so I will be able to parse attributes in an accounting response.
>   Your application is wrong.  If it needs to have attributes sent back
> in an Accounting-Response packet, then it's not doing RADIUS properly.

According to the RFC - VSAs are allowed, and it is up to the vendor to
implement handling such responses.

>> If the standard postgres module cannot be used to send back attributes in an accounting-response packet, 
>> can I do the same using any other module like JRadius? I have gone through the rlm_jradius source code, 
>> and it looks like it doesn't differentiate between accounting and authorization responses when reading value pairs.
>   If you can get something to work, good luck.  But the server is NOT
> intended to send attributes back in the Accounting-Response.

The standard install of FR also includes the following in

        Vendor-Specific =* ANY,
        Message-Authenticator =* ANY,
        Proxy-State =* ANY

The filter does allow any VSA - I wonder why the modules are not written
to facilitate sending the attributes to the NAS.

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See


More information about the Freeradius-Users mailing list