Windows Login

Alan DeKok aland at deployingradius.com
Sun Sep 7 07:35:37 CEST 2008


Kirk Wallace wrote:
> Solved (so far). I found the PoPToP cookbook link:
...
> The dictionary file edit:
>                 INCLUDE /etc/radiusclient/dictionary.merit
>                 INCLUDE /etc/radiusclient/dictionary.microsoft
> seems to have made the difference. This bit is missing from my usual
> instructions:

  It's arguably a fairly serious bug on the part of the client software.
 RADIUS clients do NOT need dictionaries.  Their functionality is
hard-coded in.

  e.g. If the client does MS-CHAP, then they know the name, number, and
properties of the MS-CHAP attributes.  Those properties shouldn't
change.  Ever.  So having the client *require* a dictionary to define
those properties is useless.

  RADIUS servers need dictionaries because new clients define all sorts
of new attributes, that the server needs to understand without code changes.

  This is described in more detail in an upcoming RADIUS RFC which has
my name on it.

  Alan DeKok.



More information about the Freeradius-Users mailing list