RFC compliance for Access Challenge

sanal kumar kariazhath sanal.kumar77 at gmail.com
Mon Dec 12 14:20:26 CET 2011


Cool....  Thanks a lot for the quick response and info...  :-)

Thanks,
-Sanal

On Mon, Dec 12, 2011 at 6:36 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> >    Would like to know why Free Radius is putting the user configuration data
> >    in Access Challenge ?
>
> as per attrs.access_challenge
>
>
> #       This configuration file is used to remove almost all of the
> #       attributes From an Access-Challenge message.  The RFC's say
> #       that an Access-Challenge packet can contain only a few
> #       attributes.  We enforce that here.
> #
> DEFAULT
>        EAP-Message =* ANY,
>        State =* ANY,
>        Message-Authenticator =* ANY,
>        Reply-Message =* ANY,
>        Proxy-State =* ANY,
>        Session-Timeout =* ANY,
>        Idle-Timeout =* ANY
>
> this would suggest strongly that you aren't actually USING this filter to
> follow the RFCs that you are so strongly advocating in your post - this
> filter file is defined in modules/attrs
>
> attr_filter attr_filter.access_challenge {
>        key = %{User-Name}
>        attrsfile = ${confdir}/attrs.access_challenge
> }
>
>
>
> now....read the sites-enabled/default as provided with the server, scroll
> down to the 'eap' authentication and then you'll see the next 12 lines have
> the bit that will enable this filter.  it's commented out by default because
> it's an RFC that not many people care about (having seen junk from IAS/NPS
> and ACS, FreeRADIUS is already *quite* RFC compliant without this extra bit of
> OCD  ;-)
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
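
An added illustration, not FreeRADIUS code and not part of the original thread, of what the quoted attrs.access_challenge allowlist does to an Access-Challenge reply once the filter is enabled. The function names and the sample reply attributes are constructed; only the `=* ANY` form in the DEFAULT entry is modelled.

```python
import re

# attrs.access_challenge entry as quoted in the message above
ATTRS_ACCESS_CHALLENGE = """\
DEFAULT
       EAP-Message =* ANY,
       State =* ANY,
       Message-Authenticator =* ANY,
       Reply-Message =* ANY,
       Proxy-State =* ANY,
       Session-Timeout =* ANY,
       Idle-Timeout =* ANY
"""

def parse_allowlist(text):
    """Return the attribute names permitted by '=* ANY' lines under DEFAULT."""
    allowed, in_default = set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts an entry
            in_default = line.strip() == "DEFAULT"
            continue
        m = re.match(r"\s+([A-Za-z0-9-]+)\s*=\*\s*ANY\s*,?\s*$", line)
        if in_default and m:
            allowed.add(m.group(1))
    return allowed

def filter_reply(pairs, allowed):
    """Split reply pairs into (kept pairs, names of stripped attributes)."""
    kept = [(name, value) for name, value in pairs if name in allowed]
    stripped = [name for name, _ in pairs if name not in allowed]
    return kept, stripped

# Constructed Access-Challenge reply that also carries per-user config items
SAMPLE_CHALLENGE = [
    ("EAP-Message", "0x010200061920"),
    ("Message-Authenticator", "0x00"),
    ("State", "0x8f3a"),
    ("Framed-IP-Address", "192.0.2.10"),
    ("Filter-Id", "staff-acl"),
    ("Session-Timeout", "3600"),
]

if __name__ == "__main__":
    kept, stripped = filter_reply(SAMPLE_CHALLENGE, parse_allowlist(ATTRS_ACCESS_CHALLENGE))
    print("kept:", [n for n, _ in kept], "stripped:", stripped)
```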