Access-Request / Mandatory Attributes
rsg
ranil.santhish at gmail.com
Thu Dec 24 10:44:28 CET 2009
Thanks for your prompt response Alan.
>> " .....An Access-Request SHOULD contain a User-Name attribute. It
>> MUST contain either a NAS-IP-Address attribute or a NAS-Identifier
>> attribute (or both)."
>>
>> Can someone clarify this please?
>
> It is a requirement on *client* implementations. It has no meaning
> for a RADIUS server.
>
> What do you suggest that a RADIUS server do if it receives a
> "non-compliant" packet? Discard it? Reject it? ...
Yes, i came across a different vendor that Rejects requests without
either of those mandatory attributes.
> FreeRADIUS enforces security requirements. Nearly all of the other
> "MUST" statements are meant as "this is good practice". They can
> therefore be ignored. And they often *need* to be ignored for
> inter-operability with horrible vendor equipment.
>
I understand your point here; however in my opinion some vendors don't
seem to be that flexible even when it comes to such client side
requirements.
Cheers,
More information about the Freeradius-Users
mailing list