Radclient receives response messages from different source port than destination port of request messages

rosario.mattera at accenture.com rosario.mattera at accenture.com
Thu May 30 11:23:22 CEST 2013


Hi Alan,

I would like to specify that I'm using radclient as a RADIUS proxy. I reach the RADIUS server through a load balancer. The server uses ports other than 1812 and 1813 in its responses because the matching between requests and responses is done through the Proxy-State attribute. This behavior is implemented in a very famous European Telco operator. In radclient is not implemented any mechanism to support this behavior?

Can you confirm that the current implementation of radclient, realizes the matching between requests and responses using also the source port of the responses?

Thanks,
Rosario


-----Original Message-----
From: freeradius-users-bounces+rosario.mattera=accenture.com at lists.freeradius.org [mailto:freeradius-users-bounces+rosario.mattera=accenture.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: martedì 28 maggio 2013 18:12
To: FreeRadius users mailing list
Subject: Re: Radclient receives response messages from different source port than destination port of request messages

rosario.mattera at accenture.com wrote:
> Thanks Alan for your response. Anyway I can't modify RADIUS server configuration because does not belongs to my domain.

  Then tell the other RADIUS server to fix his system.

> The domain administrator told me that RADIUS server responds using a different source port because of Proxy-State attribute is used in the Access-Request.

  Nonsense.

  RADIUS doesn't work like that.

> Is there a way to force "radclient" to recognize that response? I have to edit the source files?

  No.

  RADIUS doesn't work like that.  FreeRADIUS will *never* work like that.  It's stupid, broken, and completely wrong.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.

Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.

______________________________________________________________________________________

www.accenture.com



More information about the Freeradius-Users mailing list