Mixed Environment Question

Alan DeKok aland at deployingradius.com
Tue Jan 31 08:36:16 CET 2012

Arran Cudbard-Bell wrote:
> Hmm RFC 5080 expounds a bit more on Clients and attribute processing:
>    In general, it is best for a RADIUS client to err on the side of
>    caution.  On receiving an Access-Accept including an attribute of
>    known Type for an unimplemented service, a RADIUS client MUST treat
>    it as an Access-Reject, as directed in [RFC2865] Section 1.1.  On
>    receiving an Access-Accept including an attribute of unknown Type, a
>    RADIUS client SHOULD assume that it is a potential service
>    definition, and treat it as an Access-Reject.  Unknown VSAs SHOULD be
>    ignored by RADIUS clients.
> I'll have a word with Alan tomorrow, seeing as I know he helped author
> this one. Unknown VSAs with your vendor ID fine, but VSAs with a
> different vendor ID? Seems really stupid to me.

  Yes, I wrote that text.  And getting excited over a DIFFERENT vendors
VSAs?  Stupid.

  Alan DeKok.

More information about the Freeradius-Users mailing list