Can FreeRADIUS send non-standard VSAs?

Ian Pilcher arequipeno at gmail.com
Fri Apr 26 20:54:58 CEST 2019


I'm beating my head against the RBAC VSAs used by a couple of Dell /
Force 10 switches.  Specifically, I am trying to figure out the binary
format of the "Force10-avpair" VSA that is documented here:

https://www.dell.com/support/manuals/us/en/04/force10-s3048-on/s3048-on-9.10.0.0-config-pub/configuring-tacacs-and-radius-vsa-attributes-for-rbac?guid=guid-db9c9836-cbcd-4b74-a917-657607ca3863&lang=en-us

You'll note that the documentation makes no mention of a vendor-specific
ID for the Force10-avpair attribute.  Neither does anything else that
Google can find, and Dell support is completely flummoxed.

I'm starting to think that it's possible that there is no ID.  Maybe
Force 10 ignored the latter part of section 5.26 of RFC 2865 and just
defined their VSA(s) as a simple string (without any vendor type or
vendor length fields).

Is it possible to get FreeRADIUS to send a VSA like this?

-- 
========================================================================
Ian Pilcher                                         arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================


More information about the Freeradius-Users mailing list