freeradius 3.0.13 LDAP - reply custom Vendor Specific

Alan DeKok aland at deployingradius.com
Thu Nov 30 16:42:14 CET 2017


> On Nov 30, 2017, at 10:34 AM, Paweł Cituk <pawelcit at gmail.com> wrote:
> 
> In dictionary I have added:
> ATTRIBUTE       I       5003    string
> ATTRIBUTE       H       5004    string

  Don't do that.

  For one, adding single-letter attribute names is bad.  You have NO IDEA what they mean.  Use descriptive names.  It's much more productive.

  On top of that, the comments in raddb/dictionary tell you what numbers to use, and why.  The comments DON'T say "use numbers in the 5000 range".

  And, the comments in raddb/dictionary tell you which attributes can go into a RADIUS packet, and which can't.

  The dictionary entries you added above are NOT vendor specific attributes.

  And, you can't magically invent attributes, send them to the client, and have the client understand them.  You can only send attributes that the client understands.

  What attributes are understood by the client?  Go read the client documentation to see.  There are tens of thousands of RADIUS clients, from thousands of different vendors, and we have no idea what each client can do.

  You also said:

> I try to authenticate IPMI server trough freeradius but it require two
> custom attributes (Vendor Specfic) ie for admin H=4 and I=4.

  What does that mean?  The link you posted to the freeipa.org page had *nothing* about "H=4" or "I=4".

  Alan DeKok.




More information about the Freeradius-Users mailing list