3.0.18: operator = not behaving as expected after proxying to virtual server
Alan DeKok
aland at deployingradius.com
Sat Apr 6 14:09:47 CEST 2019
On Apr 6, 2019, at 7:22 AM, Nathan Ward <lists+freeradius at daork.net> wrote:
> I don’t know if it’s FR’s job to determine RFC compliance in terms of how many times and attribute is listed.
It's not.
We enforce RFC requirements largely for security and formatting. i.e. the attributes should have correctly formatted contents.
We absolutely do not enforce the rest of the RFC requirements by default. A good number are wrong and broken. See RFC 5080 for a collection is disgusting breakages in RADIUS. And that didn't catch them all. :(
> Often, weird stuff like that is required for poorly implemented NASes. It should allow you to configure it to do weird stuff.
Exactly.
And most NASes are written lazily. If they get two attributes where they expect one, they often don't even know. They just look for the first one and use it.
Alan DeKok.
More information about the Freeradius-Users
mailing list