Mixed Environment Question
Alan DeKok
aland at deployingradius.com
Tue Jan 31 08:36:16 CET 2012
Arran Cudbard-Bell wrote:
> Hmm RFC 5080 expounds a bit more on Clients and attribute processing:
>
> In general, it is best for a RADIUS client to err on the side of
> caution. On receiving an Access-Accept including an attribute of
> known Type for an unimplemented service, a RADIUS client MUST treat
> it as an Access-Reject, as directed in [RFC2865] Section 1.1. On
> receiving an Access-Accept including an attribute of unknown Type, a
> RADIUS client SHOULD assume that it is a potential service
> definition, and treat it as an Access-Reject. Unknown VSAs SHOULD be
> ignored by RADIUS clients.
>
> I'll have a word with Alan tomorrow, seeing as I know he helped author
> this one. Unknown VSAs with your vendor ID fine, but VSAs with a
> different vendor ID? Seems really stupid to me.
Yes, I wrote that text. And getting excited over a DIFFERENT vendors
VSAs? Stupid.
Alan DeKok.
More information about the Freeradius-Users
mailing list